I've been manually updating whitelists for cluebringer by searching out published SMTP server lists from the major mail service providers.   It occurred to me that this was a very outdated method and quite labour intensive so I wrote a small Python program to create a more automated approach.  Manually updating data tends to be a task that is forgotten, too infrequently or postponed for higher priority tasks.

The logic is fairly simple and might be something worth adding to iRedMail's maintenance scripts.   Essentially it does the following:

* provide a list of top level domains to be whitelisted  (twitter.com, google.com, facebook.com, etc...)
* drop the current whitelist table
* create a new table
* get the SPF record for each domain
* parse the record for IP addresses and add them to the whitelist table, recording the source domain in the comment field, and ignoring duplicates
* parse the record for INCLUDE and REDIRECT directives and insert those after the current domain record

I've found it takes about 3 to 5 seconds to collect the valid servers for about 30 domains and rebuild the list.

With this approach you can run the update script with whatever frequency seems appropriate to pick up new servers for the major services.   I've also found this useful for whitelisting smaller SaaS providers like help desks, accounting systems, etc...

My script would need some refinement since I wrote it in Python3 and I hard coded my top level domain list, but I think the approach is sound and the logic fairly straight forward and easy to replicate.