Perhaps I'm being a bit dumb this morning but your post has confused me.
If I understand this correctly you are saying that the only domain on your server is mydomain.com and spammers are generating mail for firstname.lastname@example.org (and here's part of my confusion), this user doesn't exist but the mail gets delivered via a distribution list. Am I still missing the point?
Originally Posted by Vivek k c
The fact that you have set /opt/zimbra/conf/zmmta.cf to 'yes' will reject any mail sent to your server for an email address that doesn't exist on the server. Isn't that what you're describing above?
There are also several settings in the Admin Ui that can further restrict who can connect to your server, check the following settings:
Have you actually made any changes on who can send to distribution lists as described in this article?
Hostname in greeting violates RFC (reject_invalid_hostname)
Client must greet with a fully qualified hostname (reject_non_fqdn_hostname)
Sender address must be fully qualified (reject_non_fqdn_sender)
Client's IP address (reject_unknown_client)
Hostname in greeting (reject_unknown_hostname)
Sender's domain (reject_unknown_sender_domain)
RestrictPostfixRecipients - Zimbra :: Wiki