Dropping support for the amavis scanner is not (currently) an option, so that use case remains valid; I'd sure be open to ideas for how to resolve that without the use of recipient verification.
Do you have a way to validate these addresses like doing an sql lookup? I can't suggest an actual solution since I have no idea how your system works, but between either check_recipient_access or check_policy_service could you write a query or script that could lookup the rcpt alias address and validate it? Then a reject can be returned to postfix before the mail is accepted and sent to amavis. You can write a script in python, perl, php, node.js, etc to work with check_policy_service to do whatever lookup you need from the source and give postfix an answer instead of using verification services.
