Set your GMail contacts to be whitelisted in Postfix
Posted: 22 Jul 2011, 12:16
N.b. Due to dependency issues, this will currently only work on a B3 but should work on B2 once the upgrade to Debian squeeze has been released.
This might be a bit of a niche use case but it's useful to me so may be to others.
I run my B3 as a mail server and use Google Mail to sync my contacts between Thunderbird, iPhone, iPad and roundcube web mail on the B3.
The default spam blocking on the B3 is a little oversensitive and I found that some emails from trusted contacts were being blocked* so I've written a script that will add all the email addresses in my Google Contacts to a whitelist for Postfix. I can then run this script once a week so it picks up any new contacts I've added.
First, you need to install the package python-gdata. You will need to enable the squeeze repositories if you haven't already by adding these lines to /etc/apt/sources.list:
then run:
Now you need to download the most recent deb package of GoogleCL from here: http://code.google.com/p/googlecl/downloads/list
If you're doing this directly from your B3 then do this:
Then as root (type su and enter the root password):
Assuming the packages all installed correctly you now need to authorise GoogleCL against your Google account.
Enter this command:
You will be prompted for your Google username and then given a URL. Browse to this URL and sign in. You will then be given a verification code to enter into the GoogleCL prompt.
Once you've entered your verification code your contacts should all be listed.
Run the command again and this time it should work straight away.
Assuming the above worked you now need to get the list of email addresses formatted in such as way that Postfix will accept it.
We can do this using sed to manipulate the output of the GoogleCL command.
Enter this command:
This should give you a single column of email addresses with "OK" at the end of each. If you've added any custom labels to a contact's email address (i.e. not "home", "work" or "other")you will need to add an extra line for each one. Something like:
after the line for the "other" label.
You now need to add this to a script.
In a text editor (.e.g. nano) - nano /path/to/script/googlewhitelist.sh - enter the following (remembering to include your custom lines if necessary):
If you understand the code, you will see I've also added the ability to whitelist or blacklist domains or email addresses that aren't in Google contacts by listing them in files called "rejectedemails" or "acceptedemails".
You can add specific email addresses to these files or whole domains by just adding the domain part of the email address. E.g:
Finally, you need to tell Postfix to look at the database you'll be generating (sender_access.db). Edit the file /etc/postfix/main.cf. After the line that says " reject_unknown_recipient_domain" add this:
Save the file and exit.
If you run the script you've just written (sh googlewhitelist.sh) it should run through without any hiccups.
Assuming this all works, you can add it to cron.weekly, cron.monthly or create a more specific schedule using a crontab file.
*There is also a post in the forum about changing the DNS blacklists. I suggest everyone at least removes SORBS - http://forum.excito.net/viewtopic.php?f ... rbs#p14546
This might be a bit of a niche use case but it's useful to me so may be to others.
I run my B3 as a mail server and use Google Mail to sync my contacts between Thunderbird, iPhone, iPad and roundcube web mail on the B3.
The default spam blocking on the B3 is a little oversensitive and I found that some emails from trusted contacts were being blocked* so I've written a script that will add all the email addresses in my Google Contacts to a whitelist for Postfix. I can then run this script once a week so it picks up any new contacts I've added.
First, you need to install the package python-gdata. You will need to enable the squeeze repositories if you haven't already by adding these lines to /etc/apt/sources.list:
Code: Select all
deb http://ftp.se.debian.org/debian squeeze main
deb http://ftp.se.debian.org/debian squeeze contrib
deb http://ftp.se.debian.org/debian squeeze non-free
Code: Select all
aptitude update
aptitude install python-gdata
If you're doing this directly from your B3 then do this:
Code: Select all
cd /home/admin/downloads
wget http://googlecl.googlecode.com/files/googlecl_0.9.13-1_all.deb
Code: Select all
dpkg -i googlecl_0.9.13-1_all.deb
Enter this command:
Code: Select all
google contacts list --title=
Once you've entered your verification code your contacts should all be listed.
Run the command again and this time it should work straight away.
Assuming the above worked you now need to get the list of email addresses formatted in such as way that Postfix will accept it.
We can do this using sed to manipulate the output of the GoogleCL command.
Enter this command:
Code: Select all
google contacts list --title= --fields=email | \
grep -i @ | \
sed -e 's/;/\n/' | \
sed -e 's/;/\n/' | \
sed -e 's/home//' | \
sed -e 's/work//' | \
sed -e 's/other//' | \
sed 's/^[ \t]*//' | \
sed 's/[ \t]*$//' | \
sed 's/$/ OK/g'
Code: Select all
sed -e 's/custom//' | \
You now need to add this to a script.
In a text editor (.e.g. nano) - nano /path/to/script/googlewhitelist.sh - enter the following (remembering to include your custom lines if necessary):
Code: Select all
#!/bin/bash
google contacts list --title= --fields=email | \
grep -i @ | \
sed -e 's/;/\n/' | \
sed -e 's/;/\n/' | \
sed -e 's/home//' | \
sed -e 's/work//' | \
sed -e 's/other//' | \
sed 's/^[ \t]*//' | \
sed 's/[ \t]*$//' | \
sed 's/$/ OK/g' > /etc/postfix/sender_access
for EMAIL in `cat /home/admin/scripts/rejectedemails`
do
echo $EMAIL | sed 's/$/ REJECT/g' >> /etc/postfix/sender_access
done;
for EMAIL in `cat /home/admin/scripts/acceptedemails`
do
echo $EMAIL | sed 's/$/ OK/g' >> /etc/postfix/sender_access
done;
postmap hash:/etc/postfix/sender_access
/etc/init.d/postfix restart
You can add specific email addresses to these files or whole domains by just adding the domain part of the email address. E.g:
Code: Select all
dave@gmail.com
yahoo.com
hotmail.com
Code: Select all
check_sender_access
hash:/etc/postfix/sender_access
If you run the script you've just written (sh googlewhitelist.sh) it should run through without any hiccups.
Assuming this all works, you can add it to cron.weekly, cron.monthly or create a more specific schedule using a crontab file.
Code: Select all
chmod +x googlewhitelist.sh
ln -s /home/admin/scripts/googlewhitelist.sh /etc/cron.weekly/googleswhitelist