DNS is more or less like a phonebook, it translates domains to IP numbers plus it allows to store some domain specific data in records like the TXT record. So you can not disable connections to the mail system (postfix) by using DNS. What you can do is that you use techniques like Dkim to sign mails digitally, Dkim stores it's public keys in the DNS system. But that's not forbidding something, it is just a technology, together with things like SPD records, to digitally verify that an email is sent by a server that is allowed to send email for this domain and to ensure email integrity. More details on Dkim can be found here: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
You can add these settings to reject invalid, unknown or non-fqdn sender and recipients in the smtp_recipient_restrictions line in postfix main.cf: reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_recipient_domain,reject_non_fqdn_recipient,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_unknown_recipient_domain But of course, no setting to prevent spam is without false positives. In case that a valid sender has not setup his mail server correctly, then his emails will be rejected as well.
