Possible to configure postgrey to only graylist .com addresses?

Is it possible to configure Postgrey to only graylist .com addresses?

e.g. essentially whitelist anything that comes from .edu, .org, .net, etc.?

98% of our spam comes from .com e-mail addresses, while 98% of our customers have .edu e-mail addresses. It would be ideal to only graylist .coms -- that would catch most SPAM while not slowing down e-mail from legitimate customers.


In addition to what was already auto-discovered, I think it's useful to add some more details:

  • In the current official Postgrey TGZ you can find the included postgrey_whitelist_clients (I'm linking the file included in Debian package, just for reader convenience);

  • this file contains plenty of whitelist examples:

=> domain based, like:

microsoft.com
yahoo.com

=> sender IP based, like:

193.191.218.143
193.77.126.208

=> regexp based, like:

/^gateway\d+\.np4\.de$/
/^fmr\d+\.intel\.com$/

So, definitely, YES, you can whitelist several TLDs, actually in two different flavours:

1 => with domain approach (which I suggest):

edu
org
net

2 => with regexps:

/\.edu$/
/\.org$/
/\.net$/

(BTW: for a regexp introduction, you can start from the official source)

Also, please note that:

  • with some distributions (RedHat/CentOS for sure) it's suggested not to edit postgrey_whitelist_clients directly but, instead, to add our own changes in /etc/postfix/postgrey_whitelist_clients.local. This is to avoid problems when the postgrey package is updated by the distribution package manager.

  • in large (not so little) installations (e.g. when hosting several thousand mailboxes), the size of the file-based DB used by Postgrey to keep track of SMTP connections can become quite large (several gigabytes). This might be an issue, especially if you plan to get your hands directly on such files (to "sanitize" the DB based on your not-so-common requirements). In such a case, you might prefer an SQL-based greylisting engine like SQLGrey;

  • when dealing with greylisting, keep in mind that you might encounter some problems when senders are using large/distributed clusters (Google, Yahoo, Microsoft, etc.): rejected mail (from your postgrey) could result in additional, potentially long, delays, as SMTP retries could come back from different IPs (different from the one originally used and tracked by postgrey). This is not to discourage the usage of greylisting, but simply... to let you know this might be an issue (...and that's why, I guess, the original whitelist file contains the above domains ;-).


I figured this out -- yes, it's possible.

In the postgrey_whitelist_clients file, you can use regular expressions. For example, this is what we've implemented:

# Don't graylist .edu domains
/^.*\.edu$/

This graylists everything except domains ending with .edu.
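
An added example (not part of either answer, and not Postgrey's own code) that approximates how the entry styles from both answers are applied to an incoming connection. It assumes entries are compared against the connecting client's reverse-DNS hostname and IP address rather than the envelope sender, and that a bare name matches that host or any subdomain; the function names, hostnames and 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed whitelist mixing the three entry styles from the answers above.
WHITELIST = r"""
# Don't greylist these TLDs
edu
/\.org$/
193.191.218.143
"""

def parse_whitelist(text):
    """Return (hostname_patterns, client_ips) from whitelist text."""
    patterns, ips = [], []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not entry:
            continue
        if len(entry) > 2 and entry.startswith("/") and entry.endswith("/"):
            patterns.append(re.compile(entry[1:-1], re.IGNORECASE))
            continue
        try:
            ips.append(ipaddress.ip_address(entry))
        except ValueError:
            # Assumption: a bare name matches that host or any subdomain of it.
            patterns.append(re.compile(r"(?:^|\.)" + re.escape(entry) + "$", re.IGNORECASE))
    return patterns, ips

def skips_greylisting(client_name, client_address, patterns, ips):
    """True if the connecting client (not the envelope sender) is whitelisted."""
    if ipaddress.ip_address(client_address) in ips:
        return True
    return any(p.search(client_name) for p in patterns)

# Constructed connections: (envelope sender, client hostname, client IP).
SAMPLES = [
    ("alice@university.edu", "mail.university.edu", "192.0.2.10"),
    ("bob@example.org", "mx1.example.org", "192.0.2.11"),
    ("carol@university.edu", "outbound.hosted-mail.example.com", "192.0.2.12"),
    ("dave@university.edu", "unknown", "192.0.2.13"),  # no reverse DNS
    ("erin@example.com", "unknown", "193.191.218.143"),  # whitelisted IP
    ("frank@example.com", "relay.fakeedu", "192.0.2.14"),  # not a real .edu suffix
]

if __name__ == "__main__":
    patterns, ips = parse_whitelist(WHITELIST)
    for sender, name, addr in SAMPLES:
        verdict = "skip" if skips_greylisting(name, addr, patterns, ips) else "greylist"
        print(f"{verdict:9} client={name} [{addr}] sender={sender}")
```

Under these assumptions, the third and fourth samples are .edu senders that are still greylisted, because the sending host's reverse DNS is not under a whitelisted suffix.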