Destination Server by sender

Started by D3s7, November 09, 2006, 10:51:40 AM


D3s7

We are currently using GFI products for some of our spam detection / potentially dangerous email checks; however, the one product, "Mail Security", has no whitelist function, leaving me to approve 500-700 emails a day.

What I'd like to do is set up a toaster as a gateway that does the initial blacklist checks and whitelist checks (this much I've done before).  The twist I'd like to do on this though is route the mail differently if it's in the whitelist.  Whitelisted email goes directly to the mail server but non-whitelisted mail goes to our GFI filters for further tests.

The way I thought about it was having spamassassin flag it if it was white listed then have PROCMAIL route it accordingly.  I've done things like this but only when it's delivered locally...

I'm open to suggestions on the best route to go with this

D3s7

This ability has recently gone from a "would be cool" to a "breathing down my back on when it's done"..

I'm still looking for options but running out of thoughts...

What I'm wondering is would it be possible to add my domains locally instead of remote, then do this via a maildrop filter...

Basically what needs to happen is:
Mail comes in to RBL, checks the RBL list.
If OK, check if whitelisted (or if from specific domains, even if I have to hardcode them). 
    IF Yes, Forward to host XXXX
    If No, Forward to host YYYY

I know the increased chances of problems if someone finds this out and forges the "from" headers but, that's a risk that mgmt is willing to take...

Any thoughts?

D3s7

well I found a solution... not the best in the world but it does work...

I created my domain as a local domain (XXX.com) with a maildir
I created a "catchall" account for that domain that pulls in all mail...
wrote a little python script that queries a mysql table for a list of domain names and/or email addresses to bypass..

wrote a local maildrop script that calls said python script passing the sender information.
If it returns a match, then the mail is routed to Maildir/.Bypass... if not routed to Maildir

installed cron jobs for serialsmtp to pull from those two Maildirs and forward the mail to the correct mail server (after making some changes to serialsmtp because it expected certain headers in certain locations which just wouldn't work)

it works but seems sloppy to me.... I'll be interested to see what it does under load..
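A sketch of the kind of sender lookup described in the post above, as an added example that is not the poster's script: an in-memory sqlite3 table stands in for the MySQL table, and the table name `bypass`, the sample entries and the function names are assumptions. It matches only an exact address or an exact domain, and sends malformed senders and failed lookups to the full scan.

```python
import sqlite3
import sys

# Constructed sample allowlist; sqlite3 stands in for the MySQL table in the post.
SAMPLE_ENTRIES = ["partner.example", "alice@vendor.example"]


def open_allowlist(entries=SAMPLE_ENTRIES):
    """Build an in-memory table (assumed name: bypass), one lower-cased entry per row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bypass (entry TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO bypass VALUES (?)", [(e.lower(),) for e in entries])
    return db


def normalize(sender):
    """Return (address, domain) in lower case, or None if the sender is malformed."""
    addr = sender.strip().strip("<>").lower()
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain or "@" in local:
        return None
    if any(c.isspace() or ord(c) < 32 for c in addr):
        return None  # embedded whitespace or control characters
    return addr.rstrip("."), domain.rstrip(".")


def is_bypass(db, sender):
    """True only on an exact address or exact domain match; anything else is scanned."""
    parsed = normalize(sender)
    if parsed is None:
        return False  # fail closed: empty or malformed senders get the full scan
    try:
        # Parameterized query: the sender is attacker-controlled input.
        row = db.execute(
            "SELECT 1 FROM bypass WHERE entry IN (?, ?) LIMIT 1", parsed
        ).fetchone()
    except sqlite3.Error:
        return False  # a lookup failure must never open the bypass path
    return row is not None


if __name__ == "__main__":
    # Exit 0 = bypass, 1 = full scan, so the calling filter can branch on the status.
    arg = sys.argv[1] if len(sys.argv) > 1 else ""
    sys.exit(0 if is_bypass(open_allowlist(), arg) else 1)
```

Exact matching means a look-alike such as `evilpartner.example` or a subdomain of a listed domain does not inherit the bypass; it does nothing about a forged sender on a listed domain, which is the risk the post already accepts.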

jerm

if your whitelisted domains are big enough to have their own mailservers, or are on 'trustable' mailservers then you could do this at the firewall level if your firewall will let you get this granular.

whitelist is kept as an access list in the firewall, if connecting from IP on whitelist, nat directly to my delivery mailserver (probably still want an AV check in there), and if not, nat to my full-scan server.

it's firewall dependent, PIX doesn't currently do this but RouterOS and pf will.. I don't know about others.