Check out settings in main.cf
From an installation done yesterday the stock settings look like this:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
There are, however a number of different restriction streams that can be set. The tighter the policy the more trouble a rogue email has getting through. But the same is also true of valid emails... watch your logs!
This page here gives a rather good description of the various postfix smtp restrictions available http://wiki.centos.org/HowTos/postfix_restrictions
One of my dev boxes looks like this instead
Watch out if you see a reference to using "reject_unknown_helo_hostname" - if this is set you may end up losing legitimate emails as quite a few mail servers out there do not identify themselves properly and fall foul of this setting. Especially servers behind NAT'd firewalls that send an "internal dns name" for a helo - cannot be resolved on the public internet.
A few linkys here:-
For most of the restriction settings you can use "warn_if_reject" instead so although a message will be passed by the MTA an entry will be placed in maillog showing that it would have been rejected.
Good luck with your upgrade!