Well since Postfix was designed to work the way you described, the operation would be deemed normal.
As for SASL, I really don't think that's necessary. The SpamSnake is just a gateway that doesn't store the emails. It doesn't allow webmail access and doesn't have real users created. If you've implemented the firewall, at the end of the guide, you're already very secure.
My system has been up and running for the longest while without any failures or security breaches. The SpamSnake was built with security in mind and thus, you shouldn't have to implement any other features as it's already very protected.
Don't forget, you have to train your MailScanner via MailWatch. This will improve the accuracy of the spam engine.