Postfix 2.1 is finally out and has a bunch of new features, ranging from the potentially very evil ability to match mail on the usual range of header and body checks and then auto-Bcc extra recipients (imagine your company's paranoid security personnel Bcc'ing themselves a copy of every outgoing mail that contains a word like, say, IPO), all the way to weapons to prevent evil in the form of address verification.
Address verification is a great new feature. In short, this takes the RCPT FROM from each incoming connection, obtains the MX for the reported domain, and connects back in real-time with a probe to determine whether the reported sender address is actually deliverable. If it is, the incoming e-mail is allowed through. Otherwise, it gets a 550. A cache of both positive and negative results is built up, otherwise this would be horribly expensive on all but the lowest traffic sites.
Exim has had this for a while (under a different name), but that MTA's monolithic design doesn't appeal to me. An MTA is too complex a piece of software to have a monolithic design these days, especially if it runs as root. That's a liability I don't need.
Don't turn on address verification unless you have a relatively low traffic site. Those probes are expensive, even with caching.