I want to authenticate my customer's MTAs to my relay server (Postfix) and accept mail from only those authenticated MTAs.
How do I authenticate inbound MTAs using Postfix?
SASL is the way to go. If you use smtpd_sasl_auth_enable (along with smtpd_relay_restrictions = permit_sasl_authenticated and a proper SASL configuration), only authenticated connections will be able to use your server as a smarthost relay.