You want to add privilege to only users with real username and password can relay through postfix. So we need TLS encryption so we can start this. You will need to make certs and change /etc/postfix/ so your service will use certs. First of all make new directory in /etc/postfix.

[root@security1 ~]# mkdir /etc/postfix/certs

After this you should copy my-ca.crt in this directory, and make new key and crt, just like on this link: How to make key and crt. When you finished with this, you should change /etc/postfix/ and add next:

smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/certs/postfix.key
smtpd_tls_cert_file = /etc/postfix/certs/postfix.crt
smtpd_tls_CAfile = /etc/postfix/certs/my-ca.crt
smtpd_tls_loglevel = 1

You have now configured TLS, restart service saslauthd and postfix, and start it on boot. Now we will configure authentication using saslauthd. This will use the saslauthd service to check users and passwords. This is already configured to use pam on our system, so all local users will be able to use their login passwords to send email. If you wish to alter this, to use a different authentication mechanism, you should edit the /etc/sysconfig/saslauthd file. Configure postfix so he use saslauthd. Add the following lines to /etc/postfix/

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

Postfix should allows SASL authenticated users to send email. So add next in file:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination