Just an update for anyone who sees this thread, greylisting DOES now work on null senders. I updated 2 other threads with this, I forgot to update Kevin's 3rd post about greylisting and null senders.
Unfortunately SPF/DMARC use the return path as part of its spam checks. Without it they cannot work. I'm not sure where to go with this since, if we don't have this info, we cannot run these checks. It would take some brainstorming to figure out what we would need to do and what other info we could use, then some re-engineering of that area. Greylisting is an exception because we use other pieces of info in the check and greylisting doesn't need all the of pieces to perform the check. My suggestion is use the now working greylisting and some of your other spam checks to help identify these spam messages until we can think of a solution to this.