Depending on your network setup, you should be able to control this using smtpd in master.cf.
For example, if you have 2 NICs, 192.168.0.1 and 22.214.171.124, and the first is your internal LAN and the second is the external WAN, replace
smtp inet n - n - - smtpd
127.0.0.1:smtp inet n - n - - smtpd
192.168.0.1:smtp inet n - n - - smtpd
and then postfix will only listen on localhost and 192.168.0.1
How to deal with the SA issue will depend on how it's set up.