Your above example is ok. If you want to disallow normal mail deliveries from other servers over smtps and submission port, then you can also uncomment the line:
-o smtpd_recipient_restrictions=permit_sasl_authentic ated,reject
so these ports will only accept emails after the serbder authenticated itself. If you leve it as it is at the moment (whic is ok), these ports will behave like port 25 (accept emails for local mailboxes without authentication and require authentication for relaying).