Information below (2 parts). Thank you.

[ postconf -n ]

alias_database = $alias_maps
alias_maps = hash:/usr/local/etc/postfix/aliases
biff = no
body_checks = regexp:/usr/local/etc/postfix/body_checks
body_checks_size_limit = 160000
bounce_size_limit = 800000
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
debug_peer_level = 2
default_database_type = hash
default_verp_delimiters = +=
disable_verp_bounces = no
disable_vrfy_command = yes
header_checks = regexp:/usr/local/etc/postfix/header_checks
hopcount_limit = 20
html_directory = no
inet_interfaces = 127.0.0.1, 192.168.1.21, 192.168.2.21
local_recipient_maps = $alias_maps
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maximal_backoff_time = 80m
message_size_limit = 10240000
mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks
minimal_backoff_time = 20m
mydestination = $mydomain
mydomain = domain.com
myhostname = mail1.our.domain.com
mynetworks = 127.0.0.0/8, 192.168.0.0/16
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
prepend_delivered_header = forward
queue_directory = /var/spool/postfix
queue_minfree = 102400000
queue_run_delay = 20m
readme_directory = no
recipient_canonical_maps = hash:/usr/local/etc/postfix/recipient_canonical
relay_domains = $mydestination, domain.com
sample_directory = /usr/local/etc/postfix
sender_canonical_maps = hash:/usr/local/etc/postfix/sender_canonical
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
show_user_unknown_table_name = no
smtp_tls_note_starttls_offer = yes
smtpd_authorized_verp_clients = 192.168.0.0/16, 127.0.0.0/24
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = check_client_access
hash:/usr/local/etc/postfix/access check_
client_access hash:/usr/local/etc/postfix/spammers reject_rbl_client
bl.spamcop.net re
ject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client
dnsbl.njabl.org reject_unauth_p
ipelining
smtpd_etrn_restrictions = reject
smtpd_hard_error_limit = 8
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks
reject_non_fqdn_hostname reject_invalid_ho
stname hash:/usr/local/etc/postfix/spammers
smtpd_junk_command_limit = 4
smtpd_recipient_restrictions = check_recipient_access
hash:/usr/local/etc/postfix/recipient
hash:/usr/local/etc/postfix/spammers permit_mynetworks
reject_unauth_destination
check_sender_access hash:/usr/local/etc/postfix/access
check_client_access hash:/usr/loc
al/etc/postfix/access reject_non_fqdn_recipient
smtpd_sender_restrictions = check_sender_access
hash:/usr/local/etc/postfix/access reject
_non_fqdn_sender reject_unknown_sender_domain
hash:/usr/local/etc/postfix/spammers
smtpd_soft_error_limit = 8
smtpd_timeout = 150s
smtpd_tls_cert_file = /usr/local/etc/postfix/certs/host.domain.com-crt.pem
smtpd_tls_key_file = /usr/local/etc/postfix/certs/host.domain.com-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/postfix/transport
undisclosed_recipients_header = To: ;
unknown_local_recipient_reject_code = 550
verp_delimiter_filter = -=+
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual

[ relevant info from /var/log/maillog ]

Aug 24 13:15:45 mail1 postfix/smtpd[33065]: connect from
host1.domain.com[192.168.1.10]
Aug 24 13:16:09 mail1 postfix/smtpd[33065]: NOQUEUE: reject: RCPT from
host1.domain.com[192.168.1.10]: 550 5.1.1 <***@domain.com>: Recipient
address rejected: User unknown; from=<***@ourhost.com>
to=<***@domain.com> proto=SMTP helo=<ourhost.com>
Aug 24 13:16:13 mail1 postfix/smtpd[33065]: NOQUEUE: reject: RCPT from
host1.domian.com[192.168.1.10]: 550 5.1.1 <forrie>: Recipient address
rejected: User unknown; from=<***@ourhost.com> to=<forrie>
proto=SMTP helo=<ourhost.com>
Aug 24 13:16:19 mail1 postfix/smtpd[33065]: disconnect from
host1.domain.com[192.168.1.10]
Aug 24 13:16:39 mail1 postfix/smtpd[33065]: connect from
host1.domain.com[192.168.1.10]
Aug 24 13:16:56 mail1 postfix/smtpd[33065]: NOQUEUE: reject: RCPT from
host1.domain.com[192.168.1.10]: 550 5.1.1 <forrie>: Recipient address
rejected: User unknown; from=<***@host1.domain.com> to=<forrie>
proto=SMTP helo=<host1.domain.com>
Aug 24 13:17:01 mail1 postfix/smtpd[33065]: NOQUEUE: reject: RCPT from
host1.domain.com[192.168.1.10]: 550 5.1.1 <***@domain.com>: Recipient
address rejected: User unknown; from=<***@host1.domain.com>
to=<***@domain.com> proto=SMTP helo=<host1.domain.com>
Aug 24 13:17:08 mail1 postfix/smtpd[33065]: 3ADC2216C2F:
client=host1.domain.com[192.168.1.10]
Aug 24 13:17:13 mail1 postfix/smtpd[33065]: disconnect from
host1.domain.com[192.168.1.10]

I do this to some extent. For example, I download the Joewein.de spam
domain blacklist and build an access file of it[1], which I use for
check_{client,helo,sender}_access. (I might also try that with
*_{mx,ns}_access lookups to see how well it does.)

Rationale:
Client lookup: If the reverse DNS shows the host is owned by a known
spammer, I want nothing to do with them.
Helo/Sender lookup: If they are really the spammer, I want nothing to
do with them. If they are impersonating a spammer-owned domain, same
thing, only more so. :)
Sender/Helo MX: hmmm, not sure, but a local hash: file lookup is fast
enough that it won't hurt to try it (warn_if_reject).
Sender/Helo NS: I think this might catch a lot! I bet that ROKSO
spammers use a small number of NS hosts which could prove to be a
weakness for them.

Granted, however, a common mistake is that people fail to understand
differences in access(5) lookups, and that may well be happening in
this case. It's rather silly to do a check_recipient_access lookup as
an antispam measure.


[1] I build this daily at one site and share it among several others.
If anyone wants to wget(1) it from me, please write offlist and I'll
give you the details of when/where/how.