bjoyce
> Greylist seems to work well.
> ... now the last 6 hours the average of spam has dropped to .08, a 90% reduction.
> I'm impressed.
Greylisting does function as designed & will reduce spam to near zero; the problem is that not all mail servers function predictably. Unless you monitor mail that you have not received (and how do you do that?) you are going to lose messages. People will complain about you not replying to their email and that's when you discover you never received their message.
Unreliable (i.e. broken) mail servers will not necessarily retry and even send from a different server IP, therefore disrupting the greylisting delay function, i.e. the second message gets delayed again as it is from a different server IP, and so on for large email systems with many servers.
Mail servers have different retry periods (some in days), so there is no guarantee how quickly you will receive the second message (after the first rejection).
You can set the delay time as low as you like, but that's not going to change the retry time of a broken mail server (and there are quite a few of them out there).
You can & will need to monitor rejections and then monitor the subsequent acceptance (whenever that occurs), so you will be busy constantly going through email log files, and then maintaining extensive whitelists to work around problematic mail servers.
Good luck!
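
The log monitoring described in the post above can be scripted. This is an added example, not part of the original post: it pairs each greylist deferral with a later acceptance and lists the senders that never got through or that retried from several IPs. The log format, the `DEFER`/`ACCEPT` keywords, the addresses and the four-hour cut-off are all constructed for illustration and do not match any particular mail server.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log in a simplified, hypothetical format (not a real MTA's):
# timestamp action client_ip sender recipient
SAMPLE_LOG = """\
2024-05-01T10:00:00 DEFER 192.0.2.10 alice@example.org me@example.net
2024-05-01T10:06:00 ACCEPT 192.0.2.10 alice@example.org me@example.net
2024-05-01T11:00:00 DEFER 198.51.100.1 news@bigmail.example me@example.net
2024-05-01T11:20:00 DEFER 198.51.100.2 news@bigmail.example me@example.net
2024-05-01T11:40:00 DEFER 198.51.100.3 news@bigmail.example me@example.net
2024-05-01T12:00:00 DEFER 203.0.113.7 bob@example.com me@example.net
"""

def analyze(log_text, now, give_up_after_s=4 * 3600):
    """Return (lost, farms, delays) for greylist DEFER/ACCEPT events."""
    deferred = {}            # (ip, sender, rcpt) -> time of first DEFER
    ips = defaultdict(set)   # (sender, rcpt) -> client IPs that were deferred
    accepted = set()         # (sender, rcpt) pairs that eventually got through
    delays = {}              # (sender, rcpt) -> seconds from first DEFER to ACCEPT
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue         # skip lines that are not in the assumed format
        ts, action, ip, sender, rcpt = parts
        when = datetime.fromisoformat(ts)
        pair = (sender, rcpt)
        if action == "DEFER":
            deferred.setdefault((ip, sender, rcpt), when)
            ips[pair].add(ip)
        elif action == "ACCEPT":
            accepted.add(pair)
            first = deferred.get((ip, sender, rcpt))
            if first is not None:
                delays[pair] = (when - first).total_seconds()
    # Deferred long ago and never accepted: mail that was probably lost.
    lost = sorted({(s, r) for (ip, s, r), t in deferred.items()
                   if (s, r) not in accepted
                   and (now - t).total_seconds() >= give_up_after_s})
    # Retried from several IPs without success: whitelist candidates.
    farms = {p: sorted(v) for p, v in ips.items()
             if len(v) > 1 and p not in accepted}
    return lost, farms, delays

if __name__ == "__main__":
    lost, farms, delays = analyze(SAMPLE_LOG, datetime(2024, 5, 1, 18, 0, 0))
    print("never accepted:", lost)
    print("retried from several IPs:", farms)
    print("delay in seconds:", delays)
```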