Greylisting is a process in which systems attempting to connect to your server to deliver mail for the first time are treated differently to known peers, delaying their mail. If the sending mail server is standards-compliant, it will re-send the e-mail, and the server will accept it. Most spam mailers, however, don't re-send the mail, and so the spam is blocked. Servers that re-send the mail will be added to a white list, and will not be delayed in future. This means that the first e-mail from a given sender will be delayed, but subsequent ones will not be.
Greylisting for postfix is typically implemented by using the the mail-filter/postgrey package, so first install that:
emerge --ask mail-filter/postgrey
By default postgrey listens to port 10030. This can be changed by modifying POSTGREY_PORT variable in /etc/conf.d/postgrey.
Next, we need to start it, and set it to start automatically.
rc-update add postgrey default
Now we have to tell postfix to use it, by adding the
check_policy_service inet:127.0.0.1:10023 entry to the existing
smtpd_recipient_restrictions directive in your main.cf file, as follows.
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, check_policy_service inet:127.0.0.1:10023, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, permit
Finally, tell postfix to reload its configuration for the changes to take effect.
By using reload instead of restart, we are advised of any syntax errors we may have accidentally introduced and the daemon stays running under its current configuration instead of going down, which is what would happen if we used restart with a syntax error in main.cf!