Using PGP for whitelists with Procmail

The Pretty Good Privacy (PGP) system allows one to sign and encrypt any kind of text, and is particularly useful for certifying and protecting emails.

This article describes how to use it to filter incoming email with procmail, so that messages that you receive and have been signed by somebody you know gets marked in a specific way - with an additional header. This is particularly useful in combination with spam-fighting techniques to avoid that legitimate emails be marked wrongly as spam. Note that its reliance on PGP is specifically useful to counter forgeries, which more simple whitelists can't deal with.

Please send comments, bug reports and suggestions to dom@w3.org.

Requirements

To set up this whitelist system, you need:

• a working procmail environment, set up to filter your incoming email
• on the same computer as procmail, an implementation of PGP; we assume it is gnupg from now on, but the system should be adaptable to other clients as well
• the set of keys of person you trust imported in your PGP environment; with gnupg, you would import a key using gpg --recv-key key_id, provided that you have a configured PGP server to get the keys from

Set up

The system we're setting up does the following actions:

1. for any email it receives, it checks if the sender given in the From header is in our trusted list (.pgp-whitelist)
2. if it is, it checks whether the mail is signed and if it is, whether it is correctly so (with the mailverify script)
3. if it is, it adds a X-Whitelist: Yes header, after having made sure that the incoming mail didn't have such a header

The mailverify script used to make the check can be downloaded from W3C CVS Public server. This is where you would need to change the call to your PGP client if it is not invoked as gpg.

The .pgp-whitelist is assumed to be in your home directory; change the path in the PGP_WHITELIST variable below if it isn't so. Its content is a list of email addresses (one per line) that you trust and want to be whitelisted if you receive properly signed mail from them.

The relevant procmail rules to add to your .procmailrc configuration file are below; they should be added before your set up for identifying spam if you do so using procmail too.

##########################################################################
# whitelist

PGP_WHITELIST=$HOME/.pgp-whitelist

#looking from spam, but blessing sender from my white list
# by setting a X-Whitelist header

# First, removing fake headers
:0 fwh
* ^X-Whitelist
| formail -IX-Whitelist

# checking for people with a trusted PGP key
FROM=`formail -XFrom: | formail -r -xTo: | tr -d ' '`
PGP_OK=`$HOME/bin/mailverify 1>/dev/null && echo 1`
:0
* ? egrep -q "$FROM" $PGP_WHITELIST
* ? test -n "$PGP_OK"
{
   :0 fwh
   | formail -a"X-Whitelist: Yes"
}

Any mail processing done after these rules can assume that a mail with a X-Whitelist: Yes header has been properly signed by someone you trust.

For instance, if you want to isolate such a mail from spam processing rules, you would enclose them inside :

:0
* !^X-Whitelist: Yes
{
# your anti-spam rules
}

Todo

The following improvements could be added to the system - let me know if you have implemented them:

• get the .pgp-whitelist directly from the trusted/signed keys in your keys database
• feed the PGP-signed mail to a bayesian learning anti-spam system (e.g. sa-learn --ham) to raise its accuracy

See also

• Using PGP to approve automatically archival challenges from lists in W3C
• FOAF-based whitelists