I am using Greylisting since quite some time to keep malware away and I have to admit, it is a blessing:
As many malware and spam programs do not respect the RFC, they just try to deliver their load just once – so they fail and we do not have to do analytics work on it.
The rest of the spam, that comes through by now can be easily processed by my mailfilters. I used postgrey as greylisting daemon. But to be honest, it wasn’t the perfect solution due to the database format. Now I have found SQLgrey, which is a greylisting daemon for postfix too. The big advantage of it is, that it is using a MySQL Backend which can be accessed by a huge number of programs if needed.