This Docker image runs Postgrey from the Mail-In-A-Box PPA. That version of Postgrey includes a patch which makes use of DNSWL.org for additional whitelisting.
docker run -d -p 10023:10023 mazzolino/postgrey-dnswl
Now Postgrey is listening on port 10023 for Postfix access policy connections. It should be added to Postfix's main.cf like this:
smtp_recipient_restrictions =
...
check_policy_service inet:127.0.0.1:10023
Note: Postgrey probably shouldn't be exposed externally on your host. So instead of exposing the port, use the container network IP or create a Docker network for connecting to the daemon.