Xan wrote:
To be honest I don't know much about Postfix. But from this discussion, the links therein, and some Googling, it looks like Postfix isn't set up to reject mail at SMTP time, which is far and away the very best time to reject mail.
postfix has quite a few built-in tests that can be done at smtp transaction time (sender address verification, valid recipient, dns resolving, valid HELO, RBL checks, relaying, simple regex checking of message contents) and has the ability to delay transactions while backend processing is done (eg virus check, anti-spam).
Yesterday my linode rejected 27,000 messages at SMTP time, and only accepted 242 messages. (And that's without A/V or antispam filtering; I do that later with spamassassin and filter results into a local spambox).