I have added an option (DOMAIN_PASS) that will verify they come from the same domain and deliver the email. :)

It works great to discard those hotmail accounts saying they are anyone else. :D

mail_from_check.content_filter reaches version 1.8
 

I have improved the mail_from_check content_filter (which reaches version 1.8 today!), you can now chain with other filters and besides the domain checks (if the Return-Path and From: header have the same domain but different users) the script can also check if the Return-Path domain is a subdomain of the From: header. Like it happen on some maillists:

Return-Path: < www @ server1.domain.org >
From: < forums @ domain.org >

Always you can whitelist pieces or full addresses of Return-Path (with RegEx), like ebay that has a Return-Path of:
"e3us-\d{13}-[\da-f]{14}@us.emarsys.net"

The content_filter also does verify if the email is rfc2822 compliant (by having all the required headers).

This is beeing enjoyful! I also derived this content_filter to integrate 3 antivirus at once and fully scan the email before final delivery. You can find it over here :D

*Edit: Mail_From_Check.Content_Filter is now updated to 2.0, now it does many tricks including chaining to mail_scan.sh from outside Postfix!

My Best Regards,

Eduardo Nunes

Now to conclude my trilogy of content_filters, beyond the sender with rfc2822 validations and the 3 antivirus scanner I also made one which will do the body_checks on a base64 encoded email :)