From fc32cf5bccf2362603a9970e6100583775be1ab4 Mon Sep 17 00:00:00 2001
From: Joshua Tauberer <jt@occams.info>
Date: Sun, 3 May 2015 14:21:36 +0000
Subject: [PATCH] permit the first user account to be a domain control
 validation address because a) it will necessarily be an admin and b) the user
 doesn't know the rules yet

---
 management/mailconfig.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/management/mailconfig.py b/management/mailconfig.py
index 48f87e4a..90c3824b 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -254,9 +254,10 @@ def add_mail_user(email, pw, privs, env):
 		return ("Invalid email address.", 400)
 	elif not validate_email(email, mode='user'):
 		return ("User account email addresses may only use the ASCII letters A-Z, the digits 0-9, underscore (_), hyphen (-), and period (.).", 400)
-	elif is_dcv_address(email):
+	elif is_dcv_address(email) and len(get_mail_users(env)) > 0:
 		# Make domain control validation hijacking a little harder to mess up by preventing the usual
-		# addresses used for DCV from being user accounts.
+		# addresses used for DCV from being user accounts. Except let it be the first account because
+		# during box setup the user won't know the rules.
 		return ("You may not make a user account for that address because it is frequently used for domain control validation. Use an alias instead if necessary.", 400)
 
 	# validate password