or you can use postfix filtering :)
# Postfix Filtering
# some RBLs
# Grey Listing
recipient_checks: This is usefull when you use a catch-all email address (e.g. all mails to @domain.com will be put into the same mailbox). I use catch-all for the following: Whenever I have to give an email address somehwere, then I make "email@example.com". Then based on the recipient info I know where there was a leak of email addresses :)
recipient_checks.pcre: You can also work with regular expressions
# Note: You must have PCRE support support built in to Postfix at
# compile time to use this. (Tho I've been told the following are
# valid POSIX RE's ["regexp:" map type], as well.)
# Postfix doesn't relay by default. But it may *appear* to do so
# to some testers. The first two statements below remove all
/^\@/ 550 Invalid address format.
/[!%\@].*\@/ 550 This server disallows weird address syntax.
# Let email to the following destinations bypass all the remaining
# "reject" and "check" tests. We always want to let email for these
# recipients in.
# Note: The "OK"s above, for postmaster, etc., will *not*
# bypass header and body checks. There is currently no way
# to do so with Postfix :(
# Remember where I said, at the very beginning, about how
# order is important? Whatever you do, do *not* place an
# access map like this one before the "permit mynetworks"
# and "reject_unauth_destination" statements. Not unless
# you want to be an open relay, anyway.
helo_checks: List your domains :)
# This file has to be "compiled" with "postmap"
# Reject anybody that HELO's as being in our own domain(s)
# (Note that if you followed the order suggested in the main.cf
# examples, above, that machines in mynetworks will be okay.)
roleplayer.org REJECT You are not in roleplayer.org
notkeriana.ch REJECT You are not in notkeriana.ch
montepacis.com REJECT You are not in montepacis.com
montepacis.ch REJECT You are not in montepacis.ch
ferronet.de REJECT You are not in ferronet.de
regenmacher.ch REJECT You are not in regenmacher.ch
laurelin.fr REJECT You are not in laurelin.fr
# Somebody HELO'ing with our IP address?
#192.168.1.2 REJECT You are not 192.168.1.2
18.104.22.168 REJECT You are not 22.214.171.124
# Somebody HELO'ing as "localhost?" Impossible, we're "localhost"
localhost REJECT You are not me
sender_checks: Check the sender's domain...
# This file must be "compiled" with "postmap"
# Using a domain name
discardmail.com 554 Spam not tolerated here
izmail.serveftp.net 554 Spam not tolerated here
# Maybe example2.tld is on a DNSbl, but we want to let their
# email in anyway.
# We get lots of spam from example3.tld, but we have somebody
# there from which we do want to hear
I don't remember what was necessary to install pcre and whether postmap works out of the box. You'll have to check your logs if you implement these things :)
Well, with the above things you can easily make white/black lists and some general checks :)