The postgrey manual says:
--auto-whitelist-clients=N whitelist host after first successful delivery N is the minimal count of mails before a client is whitelisted (turned on by default with value 5) specify N=0 to disable.
As I understand it, this would, for example, automatically whitelist gmail.com completely whenever I get 5 emails from different gmail users. Isn't that dangerous, because there are a lot of spammers sending from that host?
No. This is not a problem.
Actually, all large entities could just be in your
/etc/postgrey/whitelist_clients
because you do not have a choice. Their mail servers will re-send emails anyway and thus it won't make any difference. You will always receive those emails.
Where Postgrey is useful is with stupid mail servers created by spammers. Those mail servers will get a 450 and abandon the feat completely (more and more they do it right, though, and try again just like normal mail servers...)
Any mail server that is capable of registering the 450 reply and re-sending the email a few minutes later (or 12 hours later... it will depend on the sender's server setup!) can 100% safely be whitelisted forever. It will make no difference (except that you will reply with a 450 once in a while when your server should already know that it won't be necessary to do that, so it's actually a waste if you do the 450 against servers that do not require it!)
Additionally, one reason to have a temporary whitelist is to make sure that if a server changes hands and is now owned by a spammer, Postgrey can react accordingly. For systems like gmail, hotmail, yahoo, that won't ever happen.
I actually find it annoying that Postgrey forgets hosts all the time... because my same customers have to go through Postgrey again each time they send me a new email a few months later. So I use this option to limit the amount of time that postgrey will remember that host:
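Added illustration, not part of the answer above, not postgrey's own code, and not the option its last sentence refers to: a simplified Python model of greylisting with client auto-whitelisting. It shows that a client only reaches the whitelist after it has repeatedly retried past the 450, so whitelisting it skips a delay it would have passed anyway. The 300-second delay, the class and function names, and the addresses are assumptions made for the example.

```python
DELAY = 300  # assumed: seconds a new triplet must wait before a retry passes
AWL_N = 5    # default of --auto-whitelist-clients quoted in the question


class Greylist:
    def __init__(self, delay=DELAY, awl_n=AWL_N):
        self.delay, self.awl_n = delay, awl_n
        self.first_seen = {}  # (client, sender, recipient) -> time of first attempt
        self.counted = set()  # triplets already credited to their client
        self.passed = {}      # client -> deliveries that survived greylisting

    def check(self, now, client, sender, recipient):
        """Return 'ACCEPT' or '450' for one delivery attempt."""
        # A client that has shown often enough that it retries is not delayed.
        if self.awl_n and self.passed.get(client, 0) >= self.awl_n:
            return "ACCEPT"
        triplet = (client, sender, recipient)
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.delay:
            return "450"  # temporary failure; a queueing MTA will try again
        if triplet not in self.counted:
            self.counted.add(triplet)
            self.passed[client] = self.passed.get(client, 0) + 1
        return "ACCEPT"


def simulate(gl, client, retries, mails=7):
    """Send `mails` distinct messages; return (attempts, final result) per message."""
    log = []
    for i in range(mails):
        now, sender = i * 3600, f"user{i}@example.org"  # constructed senders
        attempts, result = 1, gl.check(now, client, sender, "me@example.net")
        if result == "450" and retries:
            attempts, result = 2, gl.check(now + gl.delay, client, sender, "me@example.net")
        log.append((attempts, result))
    return log


if __name__ == "__main__":
    print(simulate(Greylist(), "192.0.2.10", retries=True))     # queueing MTA
    print(simulate(Greylist(), "198.51.100.7", retries=False))  # fire-and-forget sender
```

In this model the retrying client needs two attempts for each of its first five messages and one attempt afterwards, while the client that never retries is never accepted and never whitelisted.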