It's less effective for sure, but depending on your situation it might be good enough. On email systems I maintain the only filtering I set up is AV with Clamav. One reason for this is my huge dislike for solutions that statistical filtering provides -- you end up having to check the spam folder or whatever anyway. I just don't see the point. The only solution I think is a real proper solution is for spam never to hit any user mailbox in the first place, but that will probably never happen. So just I limit spam filtering to checking strict SMTP compliance for the messages (message format) and Spam Haus filtering as the last measure. I can't imagine any legitimate email ever tripping format/protocol checks, and I was amazed how much spam just those checks eliminated. Spam Haus cuts on that a little more. Sure there is still spam hitting the inboxes, but I think it's manageable (haven't had complaints), say around 30 messages/day for a busy address (for example, the main address [relatively widely published and always unprotected] of an international organization). YMMV of course.
EDIT: Greylisting would probably cut down on this further drastically, but I'm just too lazy to implement because no one complained yet about too much spam. :)
I couldn't imagine not filtering my mail. I hate seeing spam too much. To a point where minimizing it is an obsession. I spent a considerable amount of time on this about 10 years ago, but very little since [1].
Anyway, just did a quick search through mail.log and in the past 24 hours, I got 4017 SPAMS that were rejected at SMTP time by Postfix [2], about 40 SPAMs got through those, but caught by SpamAssasin [3]. 0 spam delivered to inbox. 0 false positives. 126 legitimate mails.
I'd looked into greylisting some years ago, but never implemented because I didn't like the idea of delivery delays.
So I'm in complete agreement with you regarding how effective SMTP level checks + rbl are, but I disagree regarding statistical filtering -- Bayes was key for me to getting 100%. I had put off adding this layer for years, because I didn't fully understand or trust it, but now I'm a believer. Also, once trained, it just works. I rarely look at my spam folder. Retraining is easy, I just drag a rare false positive/negative to HamCaught/SpamMissed folders then nightly training script auto learns.
[1] I was an email admin at a local gov agency, then tried to get into email hosting biz, so it wasn't just personal obsession.
[2] Using things like standard helo/client/sender/recipient restrictions, with very few custom rules, and rbl check using spamhaus.
[3] SA + razor/pyzor/bayes, again with very few custom rules.
EDIT: Greylisting would probably cut down on this further drastically, but I'm just too lazy to implement because no one complained yet about too much spam. :)