Honestly, it’s about time Postfix gets replaced with a modern email server. It’s a dinosaur designed around 1990s UNIX, with dozens of leftover footguns eagerly waiting to go off.
The fact that it even allows local mail submission or trusted subnets is already problematic, if you ask me. It is 2023, email should only be allowed after proper authentication & authorization!
Of course Postfix supports auth, I’m not disputing that.
The problem is that it also supports completely anonymous submission from localhost and from local networks, and there are half a dozen ways to accidentally turn your server into an open relay. This made sense in the 1990s when every machine was hosting its own mail server for the two dozen local users, but we don’t live in that world anymore and support for it should’ve been removed already. If you’re using it something is going seriously wrong in your setup, so why is it allowed at all?
I haven’t looked too closely into it, but something like Stalwart seems closer to my expectations: just a no-nonsense batteries-included secure-by-default mail server.
There are also dozens of “mail in a box” setups out there who try to do the same thing, but they all end up being Rube Goldberg machines built on top of legacy software.