Solutions:

*) Whitelist this sender domain for greylisting service:

cd /opt/iredapd/tools/
python spf_to_greylist_whitelists.py --submit <domain1> <domain2> ...

Note: script spf_to_greylist_whitelists.py will store those mail domain names in sql table, and query its SPF, MX, A records, store all IP addresses or networks in those DNS records as whitelisted sender servers.

*) If sender domain doesn't have proper SPF/MX records, whitelist their mail domain name directly:

cd /opt/iredapd/tools/
python greylisting_admin.py --disable --from '@<domain>'

Note: '@' is required if you want to whitelist entire domain. And it just checks sender email address, not sender server IP addresses.

Check more details and samples in tutorial below:
http://www.iredmail.org/docs/manage.iredapd.html

BTW, of course you can use either one or both two, but first one is recommended - if sender domain has proper SPF DNS  record.

Other way is to give ability to check IP's by /24 instead of individual IP's

Hmm , maybe we don't understand each other. I don't want  to add domains to whitelist manually, because we have many new mails from new domains.  But i want greylist to do it automatically by domain name OR by IP/24 .

For my example:
Firs connection from 17.mo3.mail-out.ovh.net[87.98.178.58]: should be greylisted
Second connection from 15.mo3.mail-out.ovh.net[87.98.150.177]]: should be autowhitelisted by 87.98.150.* mask

like it made in postfix-gld

#
# Shall we use lightgrey option ? (0=No,1=Yes) (default is 0)
#
# The lightgrey option, mask the last octet of IP addresses
# and thus we greylist only C classes (/24) instead of individual IPs.
#
LIGHTGREY=0

#
# Shall we use the mxgrey algorithm ? (0=No,>0=Yes) (default is 0)
#
# the mxgrey algorithm is a variation of the greylist algorithm.
# When this is enabled, we allow all incoming mails from an IP address
# whatever source/destination email as long as this IP has been greylisted
# at least X time and succeded the mail resend .
#
# Example:
# The IP 1.2.3.4 sends an email from src@domain.com to user@yourdomain.com
# We greylist this mail as this IP is not yet in database and send a 450 SMTP code
# After some time, the IP re-send the mail from src@domain.com to user@yourdomain.com
# We update the db.
# Some time after the ip 1.2.3.4 sends an email from john@domain.com to fred@yourdomain.com
# We will accept this mail without any greylisting, as this ip already succeded a greylist test
# and thus seems to be a valid smtp server and not a spammer .
#
# The advantage of this method, is that it reduce the re-send time due to greylisting to
# x mail per server instead of one mail per destination .
#
# The value you provide in MXGREY is the minimum number of succesful greylists
# before accepting all mails from this MX. higher the number is, harder is to get in.
#
# This algortihm replace the old LIGHTGREYDOMAIN which was available prior version 1.6
#
MXGREY=0

Not certainly in that way. We don't wait 1.1.1.1 to connect twice.

First connection from 1.1.1.1 - greylisted, start waiting new connection from 1.1.1.0/24 to pass.
Second connection from 1.1.1.2  - PASSED . Add 1.1.1.0/24 to whitelist with expire in X days.

In this way first delay will be more then 1 hour always( if sender have many IP's). Look my log with mail-out.ovh.net , it used 87.98.184.158 again only after 1 hour.
It would be perfect to give users(admins) flexible  greylisting tool with many options. You can use your strong rules by default, but  i'd like to have ability to configure it as i want.
For me "sender + recipient + sender IP/24" is the best option. But with /24 at start, i don't want to wait triplet with single IP.

Now business tell me "ok, we don't want to wait 1-2 hours for first email from new client after call".  And i have only 2 ways
1) switch your greylist scripts to other (postfix-gld has this ability) and lost it in iredadmin.
2) disable greylist and get spam.

I checked iRedAPD source code, it's very easy to whitelist "1.1.1.*" while sender passed greylisting, from your experience, do you think it's enough?

i thought again  and think now , that 1.1.1.0/24 is enough)

any news?

You guys are digging a half-year old thread...

Currently, if one sender passed greylisting, it's IP will be whitelisted for few days (depends on the setting in iRedAPD config file, default is 30 days). If another sender sends email from same server (same IP), it's considered as it already passed greylisting, so no more greylisted.

Greylisting depends on whether sender server retries mail delivery, if it passed, it sure will pass for all emails sent by hosted users, so no reason to apply greylisting to this sender server anymore. But if it passed, we still don't pass '1.1.1.*' automatically.

How about use CIDR network instead?