diff --git a/interface/web/mail/form/mail_whitelist.tform.php b/interface/web/mail/form/mail_whitelist.tform.php
index edd32483712bedea9b430d2f5cba5de346a73fb7..d4b9baf742d1238958df3749c38618fbeac85dd2 100644
--- a/interface/web/mail/form/mail_whitelist.tform.php
+++ b/interface/web/mail/form/mail_whitelist.tform.php
@@ -118,5 +118,9 @@ $form["tabs"]['whitelist'] = array (
 	)
 );
 
+if (! $app->auth->is_admin()) {
+	$form["tabs"]['whitelist']['fields']['type']['value'] = array('recipient' => 'Recipient', 'sender' => 'Sender');
+}
+
 
 ?>
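Review bot: The non-admin `type` options at L10 use hard-coded English labels `'Recipient'`/`'Sender'`, while the equivalent filter in mail_whitelist.list.php uses the wordbook keys `recipient_txt`/`sender_txt`; presumably the admin value array above this hunk uses keys too, so the override should be `$form["tabs"]['whitelist']['fields']['type']['value'] = array('recipient' => 'recipient_txt', 'sender' => 'sender_txt');` to keep the select translated. Narrowing `value` only changes what the select offers; whether tform rejects a posted `type` outside this array depends on the field's validators defined above the hunk, so the check in mail_whitelist_edit.php has to stay the real gate. A one-line comment saying `// UI only: 'client' entries are enforced admin-only in mail_whitelist_edit.php` would make that relationship explicit.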
diff --git a/interface/web/mail/lib/module.conf.php b/interface/web/mail/lib/module.conf.php
index d9d97bc8b2fb72c4b161791023177368f901000e..fbe8ffbcb5785e4737d676034edd5cba0d9cc13d 100644
--- a/interface/web/mail/lib/module.conf.php
+++ b/interface/web/mail/lib/module.conf.php
@@ -61,6 +61,20 @@ if($app->auth->get_client_limit($userid, 'mailcatchall') != 0)
 		'html_id' => 'mail_domain_catchall_list');
 }
 
+if(! $app->auth->is_admin())
+{
+	$items[] = array(   'title'  => 'Email Whitelist',
+		'target'  => 'content',
+		'link'     => 'mail/mail_whitelist_list.php',
+		'html_id' => 'mail_whitelist_list');
+
+
+	$items[] = array(   'title'  => 'Email Blacklist',
+		'target'  => 'content',
+		'link'     => 'mail/mail_blacklist_list.php',
+		'html_id' => 'mail_blacklist_list');
+}
+
 if($app->auth->get_client_limit($userid, 'mailrouting') != 0)
 {
 	$items[] = array( 'title'  => 'Email Routing',
@@ -110,8 +124,8 @@ if($app->auth->get_client_limit($userid, 'spamfilter_wblist') != 0)
 		'html_id' => 'spamfilter_blacklist_list');
 }
 
-if($app->auth->is_admin()) {
-
+if($app->auth->is_admin())
+{
 	$items[] = array(  'title'  => 'User / Domain',
 		'target'  => 'content',
 		'link'     => 'mail/spamfilter_users_list.php',
@@ -191,7 +205,9 @@ $items[] = array( 'title'  => 'Mailbox traffic',
 	'target'  => 'content',
 	'link' => 'mail/mail_user_stats.php',
 	'html_id' => 'mail_user_stats');
-if($app->auth->get_client_limit($userid, 'backup') == 'y') {
+
+if($app->auth->get_client_limit($userid, 'backup') == 'y')
+{
         $items[] = array (
             'title'   => 'Backup Stats',
             'target'  => 'content',
@@ -206,8 +222,8 @@ $module['nav'][] = array( 'title' => 'Statistics',
 
 //**** Global filters menu
 $items = array();
-if($_SESSION['s']['user']['typ'] == 'admin') {
-
+if($app->auth->is_admin())
+{
 	$items[] = array(   'title'  => 'Postfix Whitelist',
 		'target'  => 'content',
 		'link'     => 'mail/mail_whitelist_list.php',
diff --git a/interface/web/mail/list/mail_whitelist.list.php b/interface/web/mail/list/mail_whitelist.list.php
index e27edad6dabee79f085dc64b67a96eabad31723c..61f1d9f2618cbdefebe2e9705c644b25e8384402 100644
--- a/interface/web/mail/list/mail_whitelist.list.php
+++ b/interface/web/mail/list/mail_whitelist.list.php
@@ -78,17 +78,32 @@ $liste["item"][] = array( 'field'  => "source",
 	'op'  => "like",
 	'prefix' => "%",
 	'suffix' => "%",
+	'datasource' => array (  'type' => 'SQL',
+		'querystring' => 'SELECT access_id,source FROM mail_access WHERE {AUTHSQL} ORDER BY source',
+		'keyfield'=> 'access_id',
+		'valuefield'=> 'source'
+	),
 	'width'  => "",
 	'value'  => "");
 
-$liste["item"][] = array( 'field'  => "type",
-	'datatype' => "VARCHAR",
-	'formtype' => "SELECT",
-	'op'  => "=",
-	'prefix' => "",
-	'suffix' => "",
-	'width'  => "",
-	'value'  => array('recipient' => 'recipient_txt', 'sender' => 'sender_txt', 'client' => 'client_txt'));
-
+if ($app->auth->is_admin()) {
+	$liste["item"][] = array( 'field'  => "type",
+		'datatype' => "VARCHAR",
+		'formtype' => "SELECT",
+		'op'  => "=",
+		'prefix' => "",
+		'suffix' => "",
+		'width'  => "",
+		'value'  => array('recipient' => 'recipient_txt', 'sender' => 'sender_txt', 'client' => 'client_txt'));
+} else {
+	$liste["item"][] = array( 'field'  => "type",
+		'datatype' => "VARCHAR",
+		'formtype' => "SELECT",
+		'op'  => "=",
+		'prefix' => "",
+		'suffix' => "",
+		'width'  => "",
+		'value'  => array('recipient' => 'recipient_txt', 'sender' => 'sender_txt'));
+}
 
 ?>
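Review bot: The `datasource` added at L81–L85 attaches a SELECT query to the `source` filter, yet that filter keeps `'op' => "like"` with `%` prefix/suffix, which is a free-text match; if the field's `formtype` (defined above the hunk) is TEXT the datasource is dead configuration, and if it is SELECT the `%…%` match on a full address is looser than it needs to be — one of the two should change. Now that non-admins reach this list, what keeps a client from seeing other tenants' mail_access rows is the list's `auth` setting and an `{AUTHSQL}` clause in its base query, both outside this hunk; please confirm they are in place, since the new datasource query already relies on `{AUTHSQL}`. The two branches at L98–L116 differ only in the `client` option; building the value array once and doing `if ($app->auth->is_admin()) $types['client'] = 'client_txt';` avoids the duplicated item definition.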
diff --git a/interface/web/mail/mail_whitelist_del.php b/interface/web/mail/mail_whitelist_del.php
index 06ce88550bcef2a2e00d674759ddf310842bba3a..94be228f67035481bbfc4dd24057b325ce8a8445 100644
--- a/interface/web/mail/mail_whitelist_del.php
+++ b/interface/web/mail/mail_whitelist_del.php
@@ -42,8 +42,6 @@ $tform_def_file = "form/mail_whitelist.tform.php";
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
 
-if($_SESSION["s"]["user"]["typ"] != 'admin') $app->error('This function needs admin privileges');
-
 //* Check permissions for module
 $app->auth->check_module_permissions('mail');
 
diff --git a/interface/web/mail/mail_whitelist_edit.php b/interface/web/mail/mail_whitelist_edit.php
index 35fa825ec78cbdb8d237594cd276ae94ce9199b2..37aaf2575468c3de4af6ac982ec6d2c539c98415 100644
--- a/interface/web/mail/mail_whitelist_edit.php
+++ b/interface/web/mail/mail_whitelist_edit.php
@@ -50,19 +50,11 @@ $app->load('tform_actions');
 
 class page_action extends tform_actions {
 
-	function onShowNew() {
-		global $app, $conf;
-
-		if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin privileges');
-		
-		parent::onShowNew();
-	}
+	protected $client_allowed_types = array( 'recipient', 'sender' );
 
 	function onBeforeUpdate() {
 		global $app, $conf;
 
-		if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin privileges');
-		
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		$rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ?", $this->id);
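Review bot: `$client_allowed_types` at L147 has no comment saying it is the server-side allowlist of `type` values a non-admin may submit, and that `client` is deliberately excluded; the form definition offers the same two options, so a reader cannot tell which of the two is the real gate. Suggested: `/** mail_access.type values a non-admin may create or edit; 'client' stays admin-only (enforced in onSubmit) */`. Dropping the admin check from onBeforeUpdate at L152 is only safe if updates go through onSubmit's non-admin validation first, which I assume tform_actions does — worth stating in the same comment. onBeforeUpdate continues past the hunk.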
@@ -77,7 +69,26 @@ class page_action extends tform_actions {
 	function onSubmit() {
 		global $app, $conf;
 
-		if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin privileges');
+		// Non-admin checks
+		if($_SESSION["s"]["user"]["typ"] != 'admin') {
+			// Non-admin can only use type 'sender' or 'recipient' and address must belong to the client's domains
+			if(! in_array($this->dataRecord["type"], $this->client_allowed_types)) {
+				$app->tform->errorMessage .= $app->lng('Whitelist type requires admin permissions');
+			}
+			// address must be valid email
+			if(! filter_var( $this->dataRecord["source"], FILTER_VALIDATE_EMAIL )) {
+				$app->tform->errorMessage .= $app->lng('Invalid address: must be a valid email address');
+			}
+			$tmp = explode('@', $this->dataRecord["source"]);
+			$domain = trim( array_pop($tmp) );
+			$AUTHSQL = $app->tform->getAuthSQL('r');
+			$rec = $app->db->queryOneRecord("SELECT domain_id from mail_domain WHERE ${AUTHSQL} AND domain = ?", $domain);
+			// address must belong to the client's domains
+			if(! (is_array($rec) && isset($rec['domain_id']) && is_numeric($rec['domain_id']))) {
+				$app->tform->errorMessage .= $app->lng('Invalid address: you have no permission for this domain.');
+			}
+			unset($rec);
+		}
 
 		if(substr($this->dataRecord['source'], 0, 1) === '@') $this->dataRecord['source'] = substr($this->dataRecord['source'], 1);
 
diff --git a/interface/web/mail/mail_whitelist_list.php b/interface/web/mail/mail_whitelist_list.php
index 73877797b4c97e40a333427c4e606793d70e2651..4fd33dd977b0259f46c83c2f2634ff787a9f7910 100644
--- a/interface/web/mail/mail_whitelist_list.php
+++ b/interface/web/mail/mail_whitelist_list.php
@@ -12,8 +12,6 @@ $list_def_file = "list/mail_whitelist.list.php";
 * End Form configuration
 ******************************************/
 
-if($_SESSION["s"]["user"]["typ"] != 'admin') $app->error('This function needs admin privileges');
-
 //* Check permissions for module
 $app->auth->check_module_permissions('mail');