The Pretty Good Privacy (PGP) system allows one to sign and encrypt any kind of text, and is particularly useful for certifying and protecting emails.
This article describes how to use it to filter incoming email with procmail, so that messages you receive that have been signed by somebody you know get marked in a specific way - with an additional header. This is particularly useful in combination with spam-fighting techniques, to avoid legitimate emails being wrongly marked as spam. Note that its reliance on PGP is specifically useful to counter forgeries, which simpler whitelists can't deal with.
Please send comments, bug reports and suggestions to dom@w3.org.
To set up this whitelist system, you need:
- a PGP client; we assume gnupg from now on, but the system should be adaptable to other clients as well
- the public keys of the people whose mail you want to whitelist; with gnupg, you would import a key using gpg --recv-key key_id, provided that you have a configured PGP server to get the keys from
The system we're setting up does the following actions:
- check whether the address in the From header is in our trusted list (.pgp-whitelist)
- check that the mail carries a valid PGP signature (using the mailverify script)
- add an X-Whitelist: Yes header, after having made sure that the incoming mail didn't already carry such a header
The mailverify script used to make the check can be downloaded from the W3C CVS public server. This is where you would need to change the call to your PGP client if it is not invoked as gpg.
The .pgp-whitelist file is assumed to be in your home directory; change the path in the PGP_WHITELIST variable below if it isn't so. Its content is a list of email addresses (one per line) that you trust and want to be whitelisted if you receive properly signed mail from them.
The relevant procmail rules to add to your .procmailrc configuration file are below; they should be added before your setup for identifying spam, if you do so using procmail too.
##########################################################################
# whitelist
PGP_WHITELIST=$HOME/.pgp-whitelist
# Looking for spam, but blessing senders from my whitelist
# by setting an X-Whitelist header.
# First, remove any X-Whitelist header that arrived with the message:
# the sender could have forged it.
:0 fwh
* ^X-Whitelist
| formail -IX-Whitelist
# Extract the bare sender address from the From: header
# (formail -r builds a reply header whose To: is the sender's address).
FROM=`formail -XFrom: | formail -r -xTo: | tr -d ' '`
# Checking for people with a trusted PGP key: mailverify reads the message
# on stdin and exits 0 only when the signature verifies.
PGP_OK=`$HOME/bin/mailverify 1>/dev/null && echo 1`
# Whitelist lookup as an exact, case-insensitive, fixed-string line match.
# An unanchored regex (egrep -q "$FROM") would let "." match any character
# and would accept any address that merely contains a listed one.
:0
* FROM ?? .
* ? grep -qixF -- "$FROM" "$PGP_WHITELIST"
* ? test -n "$PGP_OK"
{
:0 fwh
| formail -a"X-Whitelist: Yes"
}
Any mail processing done after these rules can assume that a mail with an X-Whitelist: Yes header has been properly signed by someone you trust.
For instance, if you want to keep such a mail away from your spam processing rules, you would enclose them as follows:
:0
* !^X-Whitelist: Yes
{
# your anti-spam rules
}
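The decision the rules above make, as a POSIX shell filter added here so it can be exercised outside procmail; this is not the article's mailverify script, and the names MAILVERIFY (any command that reads the message on stdin and exits 0 only for a good signature) and PGP_WHITELIST are assumptions.

```shell
#!/bin/sh
# Added example, not the article's recipe nor its mailverify script: reads one
# message on stdin, writes it to stdout and adds "X-Whitelist: Yes" only when
# the sender is listed AND the signature check succeeds. Assumed names:
# MAILVERIFY (signature checker reading stdin, exit 0 = good), PGP_WHITELIST.
MAILVERIFY=${MAILVERIFY:-"$HOME/bin/mailverify"}
PGP_WHITELIST=${PGP_WHITELIST:-"$HOME/.pgp-whitelist"}

# Bare, lower-cased address from the From: header (the part inside <...> if
# present); stops at the blank line so body text is never consulted.
from_address() {
    sed -n '/^$/q; /^[Ff][Rr][Oo][Mm]:/{s/^[^:]*:[[:space:]]*//; s/.*<\([^>]*\)>.*/\1/; p; q;}' |
        tr -d ' \t' | tr 'A-Z' 'a-z'
}

# Remove any X-Whitelist header (and its folded continuation lines) that
# arrived with the message: a sender could have forged it.
strip_whitelist_header() {
    awk 'BEGIN { h = 1 }
         h && /^$/ { h = 0 }
         h && tolower($0) ~ /^x-whitelist:/ { skip = 1; next }
         h && skip && /^[ \t]/ { next }
         { skip = 0; print }'
}

# Whitelist lookup as an exact, case-insensitive, fixed-string line match.
# An unanchored regex (egrep -q "$FROM") would accept bob@example.org.evil
# for a listed bob@example.org and treat "." as a wildcard.
sender_listed() {
    [ -n "$1" ] && grep -qixF -- "$1" "$PGP_WHITELIST"
}

# Prints the cleaned message, tagged when both checks pass; exit 0 iff tagged.
whitelist_mail() {
    msg=$(strip_whitelist_header; printf x); msg=${msg%x}
    addr=$(printf '%s' "$msg" | from_address)
    if sender_listed "$addr" && printf '%s' "$msg" | $MAILVERIFY >/dev/null 2>&1; then
        printf 'X-Whitelist: Yes\n%s' "$msg"
        return 0
    fi
    printf '%s' "$msg"
    return 1
}
```

Setting MAILVERIFY to a stub such as true or false lets you test the header handling without keys; in production point it at the real signature checker.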
The following improvements could be added to the system - let me know if you have implemented them:
- generating the .pgp-whitelist file directly from the trusted/signed keys in your keys database
- feeding whitelisted mails to your spam filter's learning tool (e.g. SpamAssassin's sa-learn --ham) to raise its accuracy