I want to say something about this discussion. I am by skill a programmer. I have recently spent time in Linux server admin class and my business partner is by skill, server admin. We have tried to reproduce your bounce relay spam attack, and have been unable. I am NOT saying it didn't happen, just that I can not reproduce.
Next, recipient blocking prior to qmail handling is not an option for me. We have clients that have catchall set to postmaster, so they can have unlimited aliases without setting anything up. Therefore, if example@domain.com doesn't exist, what you propose by blocking at spamdyke level, client doesn't get mail even if catchall is set to a valid email.
On my tests, qmail properly deleted all mail sent to a known domain, unknown recipient. We bombarded server4 with a literal mail syn flood, and although CSF shut down the flood, qmail bounced no messages. Also, on all connections, log shows spamdyke operational. Why was yours only on first connection?
Is it most efficient way, to process mail, then delete... no. However, as I stated, it is not an option for me to block unknown recipient at spamdyke level.