Automagically whitelist recipients from postfix in Spamassassin

We used to have a problem with people sending out email to new contacts, and afterwards find the reply in their spambox. To solve this problem, I wrote a perl script that can be used as a policy daemon with postfix.

The script always returns DUNNO, but based on the SASL username it queries and updates the "whitelist_from" field in the Spamassassin userprefs. Since the SASL username is used, this works on a per-user basis. This script assumes that you're storing the Spamassassin userprefs data in a database. If you use files, then it won't work.

Download the script here.

Update It appears that spammers sometimes use a From header with an email address in your own domain. If you have send mail to that address, then the spam will make it to your INBOX. To defeat this, you need to adapt the filter a bit, to not whitelist addresses in certain domains. If have put that in the script now, you have to comment it out and adapt it of course.

First define the filter in master.cf:
whitelist       unix    -       n       n       -       -       spawn
        user=nobody argv=/usr/lib/postfix/whitelist_sasl.pl
Only apply to senders in your own domain, by adding it to sender_access:
terena.org      insiders

Then in main.cf define a "insiders" class and add it to the appropriate restriction:

smtpd_restriction_classes = insiders
insiders = check_policy_service unix:private/whitelist
smtpd_sender_restrictions =
	check_sender_access hash:/etc/postfix/sender_access
	permit_mynetworks
	etc etc

Debugging

If the script does not work, your best bet is to run it from the command line and see what exactly goes wrong. You will just have to pipe the same commands to the scripts as the policy service would do:

echo -e "request=smtpd_access_policy\nsasl_username=me\nrecipient=test@test.com\n" | ./whitelist_sasl.pl