Thanks I'll use it. However, it won't check that the server the mail comes from is mail.apache.org which is a weakness.
Yes, it is a weakness. Unfortunately, whitelist_to wasn't really written with mailing-lists in mind. It was more written with the idea of reducing FPs for a local user who subscribes to spammy newsletters.
Perhaps a "whitelist_to_rcvd" feature wouldn't be such a bad idea, since it would be useful for mailing lists.
