Mmh, what exactly would be the problem you see here? The fact that you can use your own domain as sender without login, when the recipient is in your domain?
While I wouldn’t consider this an actual “security problem”, since the sender entry of a mail can be faked in many ways and thus can’t really be trusted in any case (except the mail is PGP-signed or similar), you can probably prevent Postfix from accepting such mails using the “reject_sender_login_mismatch” and “sender_login_maps” directives.
Hmm, checking the documentation for this directive again, I think it might be too harsh a restriction. Also, it doesn’t apply when using a non-existing local email address.
In my case, I want authenticated users to be able to use any sender address they want. This is no longer possible when applying “reject_sender_login_mismatch”, since it works in both directions: When a MAIL FROM in the virtual map is used, it must match the logged in user, AND, when a user is logged in, they can only use MAIL FROM as per virtual map.
For me, the first half is okay; the second one is not.