So, this might be flamebait, but what it really comes down to is that your issues with greylisting were likely because you didn't do your homework
No - I did my homework to find out exactly how somebody managed to fuck up communication and greatly delay messages from one end, and found that the answer was greylisting implemented very poorly at the remote end. My comment above is because I "did my homework" and observed the downsides. Those downsides are now listed in the wikipedia article.
For the record of yourself and the other idiot making noise about MS Exchange, I had not configured either of the two servers and instead came in after the problem came to light. So it's not just "flamebait" it's also a stupid jump to a conclusion just because I'm critical of yet another flawed anti-spam stopgap that can backfire if care is not taken. Spammers are channelling stuff via real mail servers now or getting their bots to resend so greylisting is losing what effectiveness it had anyway.
How do you think those IPs ended up on the list in the first place
All your insulting bets are wrong, all that happened is some IP addresses got reassigned quite a few years ago. What used to be dynamic with one ISP became static with the company that bought them out.
The rules sets are updated pretty frequently - that's where the front lines of the battle are. As others have said, the engine is pretty mature.
The question, I guess, is what do you want spamassassin to do that can't be expressed with the current rules language?
A bug in the code is worth two in the documentation.