Greylisting is the process of deferring emails from unknown senders. When the email arrives, Greylisting causes the server to return a message that boils down to, “I’m busy at the moment, try again in a bit.” Valid Mail Transfer Agents (MTAs), or mail servers will automatically retry many times. This retry time can be several minutes to start and last for several days. Invalid MTAs or spammers will simply give up and move to the next enticing spam target. We use these retry attempts as a way to weed out good email from bad.
cPanel created its own Greylisting daemon, cpgrey, that runs at SMTP receipt time. This means it happens before any real data is sent. The cpgrey daemon looks for a triplet: a source IP address, a source email address, and a destination IP address. If this combination has not been seen in a set time frame (this time frame is configurable), cpgrey will defer all email from that triplet for a set initial block time (again this time frame is configurable.) After the initial block time has expired, the system will accept email from the triplet until the max block time has expired.
cPanel users are able to control which of their domains use Greylisting through the Greylisting interface in both PaperLantern and x3. cPanel users will see a list of domains they control and a simple toggle to disable or enable Greylisting. Bulk actions to enable all or disable all are included in a gear icon located in the top right corner. We highly recommend our users to keep Greylisting enabled as a strong tool in their arsenal for combating spam.
Source - https://blog.cpanel.com/cpanel-vs-spam-greylisting-enters-the-fight/