I've recently noticed that my mail server wasn't checking SPF records and decided to fix that. Turns out postfix can't do that natively, only with an external command. I chose postfix-policyd-spf-perl as my external SPF checker. Randomly.
Howto, at least for Arch
Install postfix-policyd-spf-perl from AUR.
Add to the end of /etc/postfix/master.cf:
policy unix - n n - - spawn
user=postfix-external argv=/usr/lib/postfix/postfix-policyd-spf-perl
The leading tab is important.
Add to smtpd_recipient_restrictions in /etc/postfix/main.cf:
check_policy_service unix:private/policy,
Do that after reject_unauth_destination, not before.
Check the logs, it should be checking SPF records now.