Ooops..really I confused you. It's like this -
The only domain on my server is mydomain.com.
Only mydomain.com users allowed to send mails to a internal distributions group (say, firstname.lastname@example.org).
Problem: spammers are generating mails from a invalid mail address in mydomain.com - say, email@example.com. This user doesn't exist but the mail gets delivered to the distribution list called firstname.lastname@example.org.
email@example.com - permit to send mails to -> firstname.lastname@example.org
invalid_user_SPAMER@mydomain.com - BLOCK sending mails to -> email@example.com
This works accordingly.The fact that you have set /opt/zimbra/conf/zmmta.cf to 'yes' will reject any mail sent to your server for an email address that doesn't exist on the server. Isn't that what you're describing above?