Sure, it's possible to defend against hackers to a degree, but even using a completely static website still leaves you open to attack surfaces in the webserver software or to remotely exploitable vulnerabilities in the Linux network stack.

> FYI you are misusing "greylist."

I assume we share the definition of "greylisting" to be the receiver MTA blocking the first delivery of an incoming email with "try again later", and the sender MTA then retrying after that time frame? If yes then this exactly describes my experience in administrating self-hosted mail servers with popular large mail providers.