let's suppose you trust the system's spam score to the extent that
- a low enough spam score is fairly-certainly correct
why not use a low enough threshold to have first-time senders pass by?
[/etc/exim4/conf.d/acl/40_exim4-config_check_data.rul]
>defer
> ...
> log_message = message deferred: probable spam and greylistd
> message = Message temporarily deferred
> condition = ${if and \
> {\
> { >{$spam_score_int}{75}}\
> {eq{grey}\
> {${readsocket{/var/run/greylistd/socket}\
> {${mask:$sender_host_address/24} \
> $sender_address \
> $local_part@$domain}\
> {5s}{}{}}\
> }\
> }\
> }\
> }
> delay = 4m
