2

The postgrey manual says:

`--auto-whitelist-clients=N` whitelist host after first successful delivery N is the minimal count of mails before a client is whitelisted (turned on by default with value 5) specify N=0 to disable.

As I understand, this would for example automatically whitelist gmail.com completely, whenever I get 5 emails from different gmail users. Isn't that dangerous, because there are a lot of spammers sending from that host?

rubo77

1 Answer

1

No. This is not a problem.

Actually, all large entities could just be in your `/etc/postgrey/whitelist_clients` because you do not have a choice. Their mail servers will re-send emails anyway and thus it won't make any difference. You will always receive those emails.

Where Postgrey is useful is with stupid mail servers created by spammers. Those mail servers will get a 450 and abandon the feat completely (more and more they do it right, though, and try again just like normal mail servers...)

Any mail server that is capable of registering the 450 reply and re-sending the email a few minutes later (or 12 hours later... it will depend on the sender's server setup!) can 100% safely be whitelisted forever. It will make no difference (except that you will reply with a 450 once in a while when your server should already know that it won't be necessary to do that, so it's actually a waste if you do the 450 against servers that do not require it!)

Additionally, one reason to have a temporary whitelist is to make sure that if a server changes hands and is now owned by a spammer, Postgrey can react accordingly. For systems like gmail, hotmail, yahoo, that won't ever happen.


I actually find it annoying that Postgrey forgets hosts all the time... because my same customers have to go through Postgrey again each time they send me a new email a few months later. So I use this option to limit the amount of time that postgrey will remember that host:

`--max-age=N` delete entries older than N days since the last time that they have been seen (default: 35)

rubo77
Alexis Wilke
  • OK. So you are sure there is no way a spammer can send an email in the name of gmail.com although he really isn't sending from that server and this way whitelist gmail.com and get through after 5 times from then on? – rubo77 Apr 24 '17 at 04:33
  • @rubo77, ah, that's a different question. To prevent spammers pretending to be X when they really are Y (or nobody, which is more common) you have to have `reject_unknown_sender_domain` and I also have `reject_unknown_recipient_domain` in my `smtpd_relay_restrictions` variable. These have nothing to do with Postgrey. Search for those options and others that can be added to `main.cf` in the `smtpd_relay_restrictions` variable. – Alexis Wilke Apr 24 '17 at 08:10
  • Ah, OK. I already have them in my `smtpd_recipient_restrictions`, `smtpd_helo_restrictions` and `smtpd_sender_restrictions`. There is no `smtpd_relay_restrictions` in my [`/etc/postfix/main.cf`](http://paste.toppoint.de/?dca2553cda90dc90#L7RwsyH6aYKMXeVCb/A/OVvOSDQuPShKrv7wgga51aU=) – rubo77 Apr 27 '17 at 09:38
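
A simplified model of the behaviour discussed in this thread, added here as an example (it is not Postgrey's code and not from any poster). It assumes the auto-whitelist is keyed by the connecting client's IP address, as the manual's wording "client"/"host" indicates, and uses an assumed 300-second retry delay; the class and function names are hypothetical. It shows that five deliveries whitelist that one client only, so another host claiming a gmail.com sender is still greylisted, and that idle entries are forgotten after `--max-age`.

```python
# Simplified greylisting model (assumption: the auto-whitelist is keyed by
# the connecting client's IP address, not by the claimed sender domain).
DELAY = 300            # seconds before a retry is accepted (assumed value)
AWL_THRESHOLD = 5      # --auto-whitelist-clients default quoted above
MAX_AGE = 35 * 86400   # --max-age default quoted above, in seconds

class Greylist:
    def __init__(self):
        self.triplets = {}  # (client_ip, sender, rcpt) -> (first_seen, last_seen)
        self.clients = {}   # client_ip -> (successful deliveries, last_seen)

    def check(self, client_ip, sender, rcpt, now):
        self._expire(now)
        count = self.clients.get(client_ip, (0, now))[0]
        if count >= AWL_THRESHOLD:
            self.clients[client_ip] = (count, now)   # refresh last_seen
            return "pass: client auto-whitelisted"
        key = (client_ip, sender, rcpt)
        first = self.triplets.get(key, (now, now))[0]
        self.triplets[key] = (first, now)
        if now - first < DELAY:
            return "450 greylisted"                  # sender must retry later
        self.clients[client_ip] = (count + 1, now)   # one more good delivery
        return "pass: retry after delay"

    def _expire(self, now):
        # Forget anything not seen for longer than MAX_AGE.
        for db in (self.triplets, self.clients):
            for k in [k for k, v in db.items() if now - v[1] > MAX_AGE]:
                del db[k]

def demo():
    g = Greylist()
    real, other = "192.0.2.10", "203.0.113.66"   # constructed documentation IPs
    rcpt, out = "me@example.org", []
    for i in range(AWL_THRESHOLD):               # five different gmail users
        sender = f"user{i}@gmail.com"
        out.append(g.check(real, sender, rcpt, now=i * 1000))        # first try
        out.append(g.check(real, sender, rcpt, now=i * 1000 + 600))  # retry
    out.append(g.check(real, "new@gmail.com", rcpt, now=6000))    # same client
    out.append(g.check(other, "spoof@gmail.com", rcpt, now=6000)) # other host
    return out

if __name__ == "__main__":
    for line in demo():
        print(line)
```
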