postfix

How to protect yourself from spoofing the sender's address?

Hello! Has its own mail server. Lately, spam has been on the rise because:
1) Spammers send a valid HELO
2) Spammers have a PTR and all their hosts exist and resolve
3) The spammer's IP is not blacklisted by Spamhaus and other DNSRBLs
4) Spammers send emails from existing addresses to mail. ru, but not from mail.ru servers
for example
Apr 4 11:28:03 server2 postfix/smtpd[27030]: connect from 88.249.121.213.dynamic.ttnet.com.tr[88.249.121.213]
Apr 4 11:28:03 server2 postfix/smtpd[27030]: AEE963C60731: client=88.249.121.213.dynamic.ttnet.com.tr[88.249.121.213]
Apr 4 11:28:04 server2 postfix/cleanup[27079]: AEE963C60731: message-id=< [email protected]>
Apr 4 11:28:04 server2 postfix/qmgr[27006]: AEE963C60731: [email protected], size=6761, nrcpt=1 (queue active)
Apr 4 11:28:04 server2 postfix/local[27080] : AEE963C60731: [email protected], relay=local, delay=0.82, delays=0.71/0.01/0/0.1, dsn=2.0.0, status=sent (delivered to maildir)
so Actually the question is, does postfix have some kind of protection against this? For example, for some domains (mail.ru), check that these letters should be sent only from the mail.ru domain (for example, f323.i.mail.ru will be the correct server in this case, and 88.249.121.213.dynamic.ttnet.com .tr - no)