I think that greylisting gets a different kind of approach.
Error 4.x.x is a temporary reject during delivery to Postfix. If it’s legitimate message, the MTA will try again in a correct time.
The greylisting should be bypassed when :
- the message comes from an already know legitimate server as assured by SPF
- the message comes with verified DKIM key
- DMARC says “'verythingallright, pal!”