SmarterMail is already capable of this, but you'll need to setup the RBL tests, along with rDNS, SPF (and not just a generic, but specific to the IP address used by the domain), DKIM, and DMARC. Once you do that, you'll be in great shape.

See my antispam document at: https://portal.chicagonettech.com/kb/a171/smartermail-antispam-settings-document.aspx

.
Also see my delivery document at:https://portal.chicagonettech.com/kb/a116/why-am-i-having-problems-getting-my-e-mail-delivered.aspx

So if an email has bounced through several email servers before reaching our email server, then will SmarterMail check each of the relay servers within the email header?  I found 2 spam today so far, and I've checked both of their headers.  Both emails have passed through at least one relay server, and just visually checking the IP addresses, I can tell that one email's original source IP address is from a region that I reject.
It's all well and good using probability and RBLs, but probability won't necessarily block some of the newer well crafted email messages, and RBLs won't block messages that have been relayed via Google, Microsoft, Yahoo, Symantec and a lot of other web-based mail services.  If RBLs could be used to target the original source of the email, not just looking at the last hop when the email was received, then RBLs would become more effective again.  Instead of having to use multiple RBLs to improve the probability, and using RBLs that include possible safe sites, it should be possible to use RBLs that give definitive answers about an IP address.  I believe that it should be easier to get a definitive answer if an email is SPAM by checking all relay IP addresses in the email header.  As more people use more hosted email services, it going to get harder to stop SPAM using RBLs because they won't block the big companies.  However RBLs can be used to block the original source, or VPN connection, or relay server(s) used in sending the message if all IP addresses are checked with the email header.
Probability can make things look good or bad.  I much prefer to know that something is definitely from a SPAM source and is rejected.  Once the majority of SPAM is totally blocked, then I'm happier to start using probability to reduce it further if required.  I find my users are getting easier to fool and SPAMmers are getting a lot smarter and craftier designing emails.  Laws of probability says that I will get a user triggering a virus from an email (even from a junk mail folder), so the more I can eliminate the better my odds should be.  If you rely upon the laws of probability all the time, then you are guaranteed to get valid email in the junk mail folder.  Then you have users to won't check the junk mail folder because as the name implies, it junk mail, or you get users who then will check everything and you're back to the start again trying to prevent users getting junk mail.
As for grey-listing, I think it's a complete waste of time against professional SPAMmers as they automatically retry anyway.  The only benefit is that during the grey-listing period, the SPAMmer's IP address may register on an RBL which it didn't earlier.
So this goes back to my original point, why not check all IP addresses (where it was received from and the relay servers) in the email header, against RBLs, country filter lists, etc, to prevent SPAM outright, instead of relying upon probability.  The other thing against using lots of RBLs to improve the probability score is that if your organisation, like where I work, is located where internet speed and bandwidth isn't very good, then you can't afford to continually run checks for anything.

 

Regards,

Dale.