Many people have been asking how to block forged MAIL FROM:<> email addresses.
Correct me if I wrong but it seems to me that Postfix:reject_unauthenticated_sender_login_mismatch
could resolve this issue for all local addresses. If so I could see integrating this into ISPC3.
You can read up on it here
It is my understanding that if used with smtpd_recipient_restrictions
it will require you to be authenticated for any addresses located in $smtpd_sender_login_maps
& that can be easily specified.
Here is another post with a similar dilemma.