Do my whitelist entries need to be in the local.cf file, or can I create a separate file called whitelist.cf? I'd like to create a web interface where this whitelist file is generated by PHP.
SpamAssassin will read /etc/spamassassin/*.cf not just local.cf. Thus, you may use as many as you like, with whatever names you like.
I'd avoid creating duplicate options with conflicting values in the same directory, but SA will parse the files in alpha order, and the last one read will win in the event of conflict.
