My question is very similar to this one, but for postfix.
We keep getting emails from addresses like "accounting@example.com" delivered to our actual "@example.com" addresses. From my google research, I understand it might not be practical to verify the email originated from our IP or VPN (Although this would be ideal, so if you can think of a way to do this, let me know), but in most of these cases the sender address (ex. "accounting") is not a valid account.
I imagine there must be a way to make sure that a local account exists before delivering the message.
Best Answer
You'll want to add
reject_unlisted_sender
to yoursmtpd_sender_restrictions
.Without a little planning this will also reject mail from root@hostname.example.com as well, so keep that in mind.