As walruz mentions, Spamhaus does eliminate a lot of spam. But, see below for the solution you wanted.
The basic idea I'm thinking of is if the MAIL FROM sender claims to be an address at the receiving domain, but is connected from a remote IP, the mail should be rejected. Is there any way of doing this?
You could do something like this:
The point is that local connections would be allowed by the permit_mynetworks, but remote connections would be subject to the check_sender_access.
Also take a look at reject_unlisted_sender, which does something a little different. See the postconf(5) man page.
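One way to configure the approach this answer describes, added here as an example and not the answer author's own snippet. The domain `example.com`, the `mynetworks` value, the table path `/etc/postfix/sender_access`, the reject text and the `permit_sasl_authenticated` line are assumptions.

```conf
# ---- /etc/postfix/main.cf (fragment) ----
# Clients listed here count as "local" for permit_mynetworks.
# Assumed value: loopback only.
mynetworks = 127.0.0.0/8 [::1]/128

# Restrictions are evaluated left to right; the first match decides.
#  1. permit_mynetworks         local clients may use any sender address
#  2. permit_sasl_authenticated assumption: remote users who log in with
#                               SMTP AUTH may still send as the local
#                               domain; remove it if nobody submits remotely
#  3. check_sender_access       everyone else is looked up in the table
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/sender_access

# ---- /etc/postfix/sender_access ----
# Left side: the receiving domain (placeholder). Right side: the action.
# A remote, unauthenticated client with MAIL FROM:<anything@example.com>
# reaches this entry and is rejected.
example.com    REJECT Local-domain sender not accepted from remote clients

# After editing the table, rebuild it and reload Postfix:
#   postmap /etc/postfix/sender_access
#   postfix reload
```

Legitimate mail that arrives from outside with your domain in the envelope sender, such as a third-party service sending on your behalf, is rejected by this table as well, so review the mail log for hits on the reject text after enabling it.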