Ooops..really I confused you. It's like this -
The only domain on my server is mydomain.com.
Only mydomain.com users allowed to send mails to a internal distributions group (say, email@example.com).
Problem: spammers are generating mails from a invalid mail address in mydomain.com - say, firstname.lastname@example.org. This user doesn't exist but the mail gets delivered to the distribution list called email@example.com.
firstname.lastname@example.org - permit to send mails to -> email@example.com
invalid_user_SPAMER@mydomain.com - BLOCK sending mails to -> firstname.lastname@example.org
This works accordingly.The fact that you have set /opt/zimbra/conf/zmmta.cf to 'yes' will reject any mail sent to your server for an email address that doesn't exist on the server. Isn't that what you're describing above?