>> 1.xyz MX points to MX-other (spam relay)
>> 2.xyz MX points to MX-own (my own server)
>>
>> I do get a lot of emails to 1.xyz users sent directly to my own
>> mailserver (not passing through MX-other). This is because the spammers
>> uses every single IP address they can find and see if it accepts email or
>> they lookup the A-record for 1.xyz and delivers directly to this IP
>> address.
>>
> If 1.xyz is really a separate domain as you said, that why does it contain
> an A record for your postfix server? That just tells the world that the
> two domains are related.

Because its A-records are identical - they have the same webserver.

> Remove all references to the 2.xyz domain from the 1.xyz zone file so DNS
> queries can't see any connection between the two.

Not possible as they share the same webserver.

> Then configure the 1.xyz mail server to deliver mail to your 2.xyz Postfix
> server by using its fully qualified domain name: that will force the 1.xyz
> to do a DNS lookup for the 2.xyz MX record and will keep the relationship
> between the two invisible to the outside world because the only place it
> appears is in the MTA configuration file, which is private.

The problem is not the 1.xyz domain. The problem is my Postfix
configuration, on my own mailserver, as it accepts mail from everyone to
1.xyz. I need my Postfix to reject all emails to 1.xyz that doesn't come
from MX-other (my spam relay).