The simplest thing I know of would be to set up a couple Postfix VM's and have rules to allow relaying specific domains to a final mail server of your choice and either discard the rest if confidence is high or put them in a quarantine queue or text file for manual review, or just reject anything not specifically allowed. This allows adding other anti-spam mitigations before anything even touches your final destination mail server.
The simplest thing I know of would be to set up a couple Postfix VM's and have rules to allow relaying specific domains to a final mail server of your choice and either discard the rest if confidence is high or put them in a quarantine queue or text file for manual review, or just reject anything not specifically allowed. This allows adding other anti-spam mitigations before anything even touches your final destination mail server.