Uh, sooo much to read
a) What is the different btw "required_hits" in /etc/mail/spamassassin/local.cf and /home/pehpehang/.spamassassin/user_prefs? Am i write to say that if i set "required_hits 4 " in /home/pehpehang/.spamassassin/user_prefs, pehpehang email account will follow "required_hits 4" instead of "required_hits 5" in /etc/mail/spamassassin/local.cf ?
The local.cf is the global configuration file. The settings in there apply to every mail scan, except you have defined other values in your user_prefs. The settings in user_prefs override the values of local.cf for the particular user.
We go with global settings for every mailbox of our customers. Especially decreasing required_hits value easily leads to a lot more so called "false positives" (ham mails that get marked as spam, although they are not).
Going with the same rules for also makes it easier in the beginning to check and tweak the base configuration.
I'm not a great fan of greylisting. Over the past few months and weeks spammers lerned to bypass it and you may run into trouble with your customers. I'd rather use a solid anti-spam setup for Postfix (till or falko just posted a good one here on howtoforge.com ), but it takes time until you got it how you want it. There are quite some RBLs that cause even more trouble...