Eu segui o conselho no link que Michael Hampton fornecido que é baseado no endereço do envelope SMTP do remetente e, portanto, está sujeito a spoofing do remetente do SMTP.
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
...
check_recipient_access hash:/etc/postfix/protected_destinations
...the usual stuff...
smtpd_restriction_classes = insiders_only
insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
/etc/postfix/protected_destinations:
[email protected] insiders_only
[email protected] insiders_only
/etc/postfix/insiders:
my.domain OK matches my.domain and subdomains
another.domain OK matches another.domain and subdomains