You may want to look into BATV.
It works this way (very roughly, see the spec for real details):
Every email you send has a MAIL FROM modified (somewhat à la SRS) to
contain a key as part of the LHS.
Every time you receive an email with a null MAIL FROM, check the RCPT
TO. If the key is not there, or is invalid (best practice is that the
key is an encryption of the from and a passphrase, changing the
passphrase periodically), reject the bounce. Otherwise, strip the
password, and pass it on.
It apparently works quite well, but you may have to whitelist a few
things that don't work properly RFC-wise (EZMLM being apparently the
main offender. It goes by MAIL FROM for checking the subscriber's
existence, _not_ From, and thus will bounce the "signed" MAIL FROMs).
Don't try this if you don't control _all_ of your outbounds.
If this is just a one-person server, there's generally no harm in simply
rejecting all inbound null-from email. "Proper" mail servers will have
rejected NDRs on outbound, so won't be bouncing thru your inbound (that
is presuming your MTA can tell the difference).
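
A sketch of the sign-on-outbound, check-on-null-sender flow described above, added here as an example and not part of the original message or of any MTA's code. The address layout is modelled on the `prvs=` form in the BATV draft; the use of HMAC-SHA1 as the keyed tag, the function names, the passphrases and the 7-day lifetime are assumptions of this example.

```python
import hashlib
import hmac
import re

# Constructed passphrases, indexed by a one-digit key id so they can be rotated
# while bounces signed under the previous passphrase still verify.
KEYS = {0: b"old-passphrase-example", 1: b"current-passphrase-example"}
CURRENT_KEY = 1
LIFETIME_DAYS = 7
_SIGNED = re.compile(r"prvs=([0-9])([0-9]{3})([0-9a-f]{6})=(.+)", re.I | re.ASCII)


def _tag(key_id, expiry, address):
    """Six hex digits of HMAC-SHA1 over key id, expiry day and original address."""
    msg = f"{key_id}{expiry:03d}{address.lower()}".encode()
    return hmac.new(KEYS[key_id], msg, hashlib.sha1).hexdigest()[:6]


def sign(address, today):
    """Outbound: rewrite local@domain to prvs=KDDDSSSSSS=local@domain."""
    local, domain = address.rsplit("@", 1)
    expiry = (today + LIFETIME_DAYS) % 1000  # day number, three digits
    return f"prvs={CURRENT_KEY}{expiry:03d}{_tag(CURRENT_KEY, expiry, address)}={local}@{domain}"


def check_bounce(mail_from, rcpt_to, today):
    """Inbound: return (accept, recipient). Only null-sender mail is checked."""
    if mail_from not in ("", "<>"):
        return True, rcpt_to
    local, _, domain = rcpt_to.rpartition("@")
    m = _SIGNED.fullmatch(local)
    if m is None or int(m[1]) not in KEYS:
        return False, None  # bounce to an address we never signed
    key_id, expiry, tag, orig_local = int(m[1]), int(m[2]), m[3].lower(), m[4]
    original = f"{orig_local}@{domain}"
    if not hmac.compare_digest(_tag(key_id, expiry, original), tag):
        return False, None  # forged or altered tag
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return False, None  # tag has expired
    return True, original  # tag stripped, deliver to the real mailbox
```

`today` is the day number, for instance `int(time.time() // 86400)`; it is passed in so the check can be exercised with fixed dates.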