Why do I want Greylisting? Why does the UTM Greylist everything not rejected?

Question

I am fully aware of what Greylisting is, but I am asking myself why would I want to use it and MOST IMPORTANTLY does the Sophos UTM SMTP Proxy use it by default or is it due to something I failed to setup correctly on the UTM or even another problem like Sender Verification failing and triggering Greylisting as a slow alternate method of sender verification??? While a great idea in principle, it caused at least a 7 minute delay in delivery to valid recipients and is not something I think I should have to live with as a default action.

I can bypass Greylisting by unchecking it in the profile since I am using profiles for more granularity. As an alternative, I can add all valid recipients to an exception rule Skipping: Greylisting FOR these recipient addresses. Can someone suggest a better way?

My question is: Is Greylisting everything a default action for all mail handled by the SMTP proxy or is there something that needs to be configured in the UTM to keep it from happening?

Finally, what is the consequence of disabling it?

Any help appreciated.

This thread was automatically locked due to age.

BAlfson · Answer

"I think we can infer that if a message fails the spam check , the sender is given a PermFail (do not retry) response instead of a graylisting (try later) response." 
 That seems to be the case, but it probably depends on the selections for 'Reject at SMTP time' and 'Confirmed spam action'. It's curious that the anti-spam & anti-malware scans are repeated when greylisted emails are resent and successfully considered even when bot anti-spam actions are set to 'Blackhole' and 'Reject at SMTP time' is set to "Spam." I see that in a client's SMTP log where they've used greylisting for years. 
 Statistics from the this client that sends and receives many hundreds of emails per day: 1.3% of SMTP connection from lines led to greylisting and only 43.7% of those were resent. There's such a small percentage greylisted because many were rejected at SMTP time (77.7% of SMTP connections) before they could have been temporarily rejected (greylisted). 96.6% of rejections are from RBL, RDNS and address verification. Only 3.3% of rejections are from anti-spam , so the greylisting percentage would probably be about the same if 'Reject at SMTP time' were set to "Confirmed Spam" and anti-spam actions were set to "Quarantine." 
 It seems safe to suggest that once greylisting has been used for awhile, less than 2% of SMTP connections would be temporarily rejected. The 15% I saw in my post above covered only the first 4 days after enabling greylisting. 
 The IP,Sender,Recipient triplet is cached. The From field comes after DATA in the SMTP conversation. Sender in the foregoing triplet is the content of the MAIL FROM: line sent prior to RCPT TO: . 
 Cheers - Bob