All work OK except when I send a mail from nonexistent-user@my-domain
to user@my-domain, courier permit send, no has control about identity
of nonexistent-user that send mail =(.
SMTP doesn't define a mechanism for verifying return addresses. You can
always send an email with whatever "From" address you want, regardless
of the server, unless the server has a "dialback" mechanism of some type
(which is uncommon).
Outbound SPF checking could accomplish what Adrián wants (i.e. applying
SPF checks to relayed messages, not just to incoming ones). An SPF record
for the "my-domain" domain with an "exists:..." SPF mechanism and a
correspondingly set up DNS server would be required, though.