The problem with greylisting is that it delays subscription confirmation emails when you sign up for a new service. I found that to be more trouble than it was worth. YMMV.

For a greylisting that sends 451 before DATA, that is indeed a known problem.

My server sends 451 after DATA, and keeps a copy of greylisted message, as marked-as-read entry in separate folder. Those are deleted after few hours, or moved out after a successful delivery retry.

That's a good idea. I was using an off-the-shelf greylister that didn't work that way, but I might implement that strategy now that I'm doing everything myself.