diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index e0067e31..0b918792 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2176,206 +2176,6 @@ function get_spam_score($username) {
 		}
 	}
 }
-function set_whitelist($postarray) {
-	global $lang;
-	global $pdo;
-	$username	= $_SESSION['mailcow_cc_username'];
-	$whitelist_from	= trim(strtolower($postarray['whitelist_from']));
-	$whitelist_from = preg_replace("/\.\*/", "*", $whitelist_from);
-	if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['username_invalid'])
-		);
-		return false;
-	}
-	if (!ctype_alnum(str_replace(array('@', '.', '-', '*'), '', $whitelist_from))) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['whitelist_from_invalid'])
-		);
-		return false;
-	}
-	try {
-		$stmt = $pdo->prepare("SELECT `object` FROM `filterconf`
-			WHERE `option` = 'whitelist_from'
-				AND `object` = :username
-				AND `value` = :whitelist_from");
-		$stmt->execute(array(':username' => $username, ':whitelist_from' => $whitelist_from));
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-	}
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	if ($num_results != 0) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['whitelist_exists'])
-		);
-		return false;
-	}
-	try {
-		$stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)
-			VALUES (:username, 'whitelist_from', :whitelist_from)");
-		$stmt->execute(array(
-			':username' => $username,
-			':whitelist_from' => $whitelist_from
-		));
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	$_SESSION['return'] = array(
-		'type' => 'success',
-		'msg' => sprintf($lang['success']['mailbox_modified'], $username)
-	);
-}
-function delete_whitelist($postarray) {
-	global $lang;
-	global $pdo;
-	$username	= $_SESSION['mailcow_cc_username'];
-	$prefid		= $postarray['wlid'];
-	if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['username_invalid'])
-		);
-		return false;
-	}
-	if (!is_numeric($prefid)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['whitelist_from_invalid'])
-		);
-		return false;
-	}
-	try {
-		$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username AND `prefid` = :prefid");
-		$stmt->execute(array(
-			':username' => $username,
-			':prefid' => $prefid
-		));
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	$_SESSION['return'] = array(
-		'type' => 'success',
-		'msg' => sprintf($lang['success']['mailbox_modified'], $username)
-	);
-}
-function set_blacklist($postarray) {
-	global $lang;
-	global $pdo;
-	$username		= $_SESSION['mailcow_cc_username'];
-	$blacklist_from	= trim(strtolower($postarray['blacklist_from']));
-	$blacklist_from = preg_replace("/\.\*/", "*", $blacklist_from);
-	if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['username_invalid'])
-		);
-		return false;
-	}
-	if (!ctype_alnum(str_replace(array('@', '.', '-', '*'), '', $blacklist_from))) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['blacklist_from_invalid'])
-		);
-		return false;
-	}
-	try {
-		$stmt = $pdo->prepare("SELECT `object` FROM `filterconf`
-			WHERE `option` = 'blacklist_from'
-				AND `object` = :username
-				AND `value` = :blacklist_from");
-		$stmt->execute(array(':username' => $username, ':blacklist_from' => $blacklist_from));
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-	}
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	if ($num_results != 0) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['blacklist_exists'])
-		);
-		return false;
-	}
-	try {
-		$stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)
-			VALUES (:username, 'blacklist_from', :blacklist_from)");
-		$stmt->execute(array(
-			':username' => $username,
-			':blacklist_from' => $blacklist_from
-		));
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	$_SESSION['return'] = array(
-		'type' => 'success',
-		'msg' => sprintf($lang['success']['mailbox_modified'], $username)
-	);
-}
-function delete_blacklist($postarray) {
-	global $lang;
-	global $pdo;
-	$username	= $_SESSION['mailcow_cc_username'];
-	$prefid		= $postarray['blid'];
-	if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['username_invalid'])
-		);
-		return false;
-	}
-	if (!is_numeric($prefid)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['blacklist_from_invalid'])
-		);
-		return false;
-	}
-	try {
-		$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username AND `prefid` = :prefid");
-		$stmt->execute(array(
-			':username' => $username,
-			':prefid' => $prefid
-		));
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	$_SESSION['return'] = array(
-		'type' => 'success',
-		'msg' => sprintf($lang['success']['mailbox_modified'], $username)
-	);
-}
 function set_spam_score($postarray) {
 	global $lang;
 	global $pdo;
@@ -2429,6 +2229,107 @@ function set_spam_score($postarray) {
 		'msg' => sprintf($lang['success']['mailbox_modified'], $username)
 	);
 }
+function set_policy_list($postarray) {
+	global $lang;
+	global $pdo;
+
+	(isset($postarray['domain'])) ? $object = $postarray['domain'] : $object = $_SESSION['mailcow_cc_username'];
+	($postarray['object_list'] == "bl") ? $object_list = "blacklist_from" : $object_list = "whitelist_from";
+	$object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($postarray['object_from']))), '.'));
+	if (!filter_var($object, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($object)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['username_invalid'])
+		);
+		return false;
+	}
+	if (is_valid_domain_name($object)) {
+		if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => sprintf($lang['danger']['access_denied'])
+			);
+			return false;
+		}
+	}
+	if (isset($postarray['prefid'])) {
+		if (!is_numeric($postarray['prefid'])) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => sprintf($lang['danger']['access_denied'])
+			);
+			return false;
+		}
+		try {
+			$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid");
+			$stmt->execute(array(
+				':object' => $object,
+				':prefid' => $postarray['prefid']
+			));
+		}
+		catch (PDOException $e) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => 'MySQL: '.$e
+			);
+			return false;
+		}
+		$_SESSION['return'] = array(
+			'type' => 'success',
+			'msg' => sprintf($lang['success']['mailbox_modified'], $object)
+		);
+		return true;
+	}
+	if (!ctype_alnum(str_replace(array('@', '.', '-', '*'), '', $object_from))) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['policy_list_from_invalid'])
+		);
+		return false;
+	}
+	try {
+		$stmt = $pdo->prepare("SELECT `object` FROM `filterconf`
+			WHERE (`option` = 'whitelist_from'  OR `option` = 'blacklist_from')
+				AND `object` = :object
+				AND `value` = :object_from");
+		$stmt->execute(array(':object' => $object, ':object_from' => $object_from));
+		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+	}
+	catch(PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	if ($num_results != 0) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['policy_list_from_exists'])
+		);
+		return false;
+	}
+	try {
+		$stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)
+			VALUES (:object, :object_list, :object_from)");
+		$stmt->execute(array(
+			':object' => $object,
+			':object_list' => $object_list,
+			':object_from' => $object_from
+		));
+	}
+	catch (PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['mailbox_modified'], $object)
+	);
+}
 function set_tls_policy($postarray) {
 	global $lang;
 	global $pdo;
diff --git a/data/web/inc/header.inc.php b/data/web/inc/header.inc.php
index ca6f7eb6..904a9761 100644
--- a/data/web/inc/header.inc.php
+++ b/data/web/inc/header.inc.php
@@ -4,7 +4,7 @@
 <meta charset="utf-8">
 <meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1">
-<title>mailcow UI - <?php echo gethostname() ?></title>
+<title>mailcow UI</title>
 <!--[if lt IE 9]>
 <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
 <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index 9fd62e68..484881c4 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -51,17 +51,8 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "user
 	if (isset($_POST["trigger_set_spam_score"])) {
 		set_spam_score($_POST);
 	}
-	if (isset($_POST["trigger_set_whitelist"])) {
-		set_whitelist($_POST);
-	}
-	if (isset($_POST["trigger_delete_whitelist"])) {
-		delete_whitelist($_POST);
-	}
-	if (isset($_POST["trigger_set_blacklist"])) {
-		set_blacklist($_POST);
-	}
-	if (isset($_POST["trigger_delete_blacklist"])) {
-		delete_blacklist($_POST);
+	if (isset($_POST["trigger_set_policy_list"])) {
+		set_policy_list($_POST);
 	}
 	if (isset($_POST["trigger_set_tls_policy"])) {
 		set_tls_policy($_POST);
diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index 83ca8bdc..b35a89a9 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
@@ -22,10 +22,8 @@ $lang['danger']['object_is_not_numeric'] = 'Wert %s ist nicht numerisch';
 $lang['success']['domain_added'] = 'Domain %s wurde angelegt';
 $lang['danger']['alias_empty'] = 'Alias-Adresse darf nicht leer sein';
 $lang['danger']['goto_empty'] = 'Ziel-Adresse darf nicht leer sein';
-$lang['danger']['blacklist_exists'] = 'Ein Backlist-Eintrag mit diesem Wert existiert bereits';
-$lang['danger']['blacklist_from_invalid'] = 'Backlist-Eintrag hat ungültiges Format';
-$lang['danger']['whitelist_exists'] = 'Ein Whitelist-Eintrag mit diesem Wert existiert bereits';
-$lang['danger']['whitelist_from_invalid'] = 'Whitelist-Eintrag hat ungültiges Format';
+$lang['danger']['policy_list_from_exists'] = 'Ein Eintrag mit diesem Wert existiert bereits';
+$lang['danger']['policy_list_from_invalid'] = 'Eintrag hat ungültiges Format';
 $lang['danger']['alias_invalid'] = 'Alias-Adrese ist ungültig';
 $lang['danger']['goto_invalid'] = 'Ziel-Adrese ist ungültig';
 $lang['danger']['alias_domain_invalid'] = 'Alias-Domain ist ungültig';
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 23f02825..12313cfe 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -22,8 +22,8 @@ $lang['danger']['object_is_not_numeric'] = "Value %s is not numeric";
 $lang['success']['domain_added'] = "Added domain %s";
 $lang['danger']['alias_empty'] = "Alias address must not be empty";
 $lang['danger']['goto_empty'] = "Goto address must not be empty";
-$lang['danger']['blacklist_exists'] = "A blacklist record with that name exists";
-$lang['danger']['blacklist_from_invalid'] = "Blacklist record has invalid format";
+$lang['danger']['policy_list_from_exists'] = "A record with given name exists";
+$lang['danger']['policy_list_from_invalid'] = "Record has invalid format";
 $lang['danger']['whitelist_exists'] = "A whitelist record with that name exists";
 $lang['danger']['whitelist_from_invalid'] = "Whitelist record has invalid format";
 $lang['danger']['alias_invalid'] = "Alias address is invalid";
@@ -122,6 +122,7 @@ $lang['user']['spamfilter_table_rule'] = 'Rule';
 $lang['user']['spamfilter_table_action'] = 'Action';
 $lang['user']['spamfilter_table_empty'] = 'No data to display';
 $lang['user']['spamfilter_table_remove'] = 'remove';
+$lang['user']['spamfilter_table_add'] = 'Add item';
 $lang['user']['spamfilter_default_score'] = 'Spam score:';
 $lang['user']['spamfilter_green'] = 'Green: this message is not spam';
 $lang['user']['spamfilter_yellow'] = 'Yellow: this message may be spam, will be tagged as spam and moved to your junk folder';
diff --git a/data/web/user.php b/data/web/user.php
index 828b45d2..adc00c67 100644
--- a/data/web/user.php
+++ b/data/web/user.php
@@ -143,6 +143,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
 						data-slider-max="30"
 						data-slider-step="0.5"
 						data-slider-range="true"
+						data-slider-tooltip='always'
 						data-slider-id="slider1"
 						data-slider-value="[<?=get_spam_score($_SESSION['mailcow_cc_username']);?>]"
 						data-slider-step="1" />
@@ -189,11 +190,11 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
 					<form class="form-inline" method="post">
 					<div class="col-xs-6"><code><?=$whitelistRow['value'];?></code></div>
 					<div class="col-xs-6">
-						<input type="hidden" name="wlid" value="<?=$whitelistRow['prefid'];?>">
+						<input type="hidden" name="prefid" value="<?=$whitelistRow['prefid'];?>">
 						<?php
 						if ($whitelistRow['username'] != array_pop(explode('@', $username))):
 						?>
-							<input type="hidden" id="trigger_delete_whitelist" name="trigger_delete_whitelist">
+							<input type="hidden" name="trigger_set_policy_list">
 							<a href="#n" onclick="$(this).closest('form').submit()"><?=$lang['user']['spamfilter_table_remove'];?></a>
 						<?php
 						else:
@@ -213,10 +214,11 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
 				<div class="row">
 					<form class="form-inline" method="post">
 					<div class="col-xs-6">
-						<input type="text" class="form-control input-sm" name="whitelist_from" id="whitelist_from" placeholder="*@example.org" required>
+						<input type="text" class="form-control input-sm" name="object_from" id="object_from" placeholder="*@example.org" required>
+						<input type="hidden" name="object_list" value="wl">
 					</div>
 					<div class="col-xs-6">
-						<button type="submit" id="trigger_set_whitelist" name="trigger_set_whitelist" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
+						<button type="submit" id="trigger_set_policy_list" name="trigger_set_policy_list" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
 					</div>
 					</form>
 				</div>
@@ -253,11 +255,11 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
 					<form class="form-inline" method="post">
 					<div class="col-xs-6"><code><?=$blacklistRow['value'];?></code></div>
 					<div class="col-xs-6">
-						<input type="hidden" name="blid" value="<?=$blacklistRow['prefid'];?>">
+						<input type="hidden" name="prefid" value="<?=$blacklistRow['prefid'];?>">
 						<?php
 						if ($blacklistRow['username'] != array_pop(explode('@', $username))):
 						?>
-							<input type="hidden" id="trigger_delete_blacklist" name="trigger_delete_blacklist">
+							<input type="hidden" name="trigger_set_policy_list">
 							<a href="#n" onclick="$(this).closest('form').submit()"><?=$lang['user']['spamfilter_table_remove'];?></a>
 						<?php
 						else:
@@ -276,10 +278,11 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
 				<div class="row">
 					<form class="form-inline" method="post">
 					<div class="col-xs-6">
-						<input type="text" class="form-control input-sm" name="blacklist_from" id="blacklist_from" placeholder="*@example.org" required>
+						<input type="text" class="form-control input-sm" name="object_from" id="object_from" placeholder="*@example.org" required>
+						<input type="hidden" name="object_list" value="bl">
 					</div>
 					<div class="col-xs-6">
-						<button type="submit" id="trigger_set_blacklist" name="trigger_set_blacklist" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
+						<button type="submit" id="trigger_set_policy_list" name="trigger_set_policy_list" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
 					</div>
 					</form>
 				</div>