Published: 2014-09-15

Native SPF check

SPF verification ensures that the remote MTA is indeed allowed to send mail for a given domain name.

SPF relies on a TXT record at the root of the sender domain that defines sending authorizations: allowing some IPs to send mail and denying others, allowing the domain's MXs to send mail, rejecting all servers, etc. You will find more information about SPF on www.openspf.org.

Setup with Postfix

In many articles, such as those from Ubuntu, HowtoForge or other well-ranked articles on Google, you will see SPF checked through a call to postfix-policyd-spf, written in Perl or Python.

If you are a FreeBSD user or compile your programs yourself, you no longer need these Perl calls, which can be quite heavy on a busy machine. A patch for Postfix, included in the FreeBSD port and possibly in other packaged systems, enables a native feature that performs SPF checks without calling an external program written in Perl or Python, which saves a significant amount of CPU and memory.

This patch is provided by libspf2.org; you will find it here.

If you compile via the FreeBSD ports or Poudriere, simply check the following option:

[Image: Postfix SPF option]

Once this option is enabled, you only need to add the reject_spf_invalid_sender option to the smtpd_recipient_restrictions option of Postfix to verify the SPF record associated with a domain. Postfix will take care of performing the verifications and will reject the mail if the SPF policy of the domain requires it.

Useful links

http://www.openspf.org/SPF_Record_Syntax