Here's how I did it, probably easier than procmail or maildrop.
in postfix main.cf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/sender_access, (etc)
domain.tld REJECT You are not me!
mail.domain.tld REJECT You are not me!
now anyone who tries to send me email using any address from my own domain is rejected. My own users are either authenticated or on my network, so the third option never gets checked.