Wow, email sure became complicated, especially from the cloud, especially from EC2. Oh you'll need to know about BIND, reverse DNS or alternatives, SPF records, blacklists, and all sorts of other crap.
But just as you have outsourced your datacenter by using the cloud, outsource your email sending as well. Checkout AuthSMTP. With pricing start at $24/YEAR, you might as well start using it before you get yourself into trouble.
And check out Paul Dowman's great article on how to configure this: A rock-solid setup for sending SMTP mail from your EC2 web server
AuthSTMP let's set up a list of authorized "From" accounts that can send email. If it's not on the list, it will be rejected. Both the unix user and the email from: must in AuthSTMP's list. If you webserver running as "www-data" is sending email as "bobsmith@yourcompany" then you have to authorize both "www-data@..." and "bobsmith@...".
You are going to want to set up a bogus "root@..." account that will be forwarded to you, and add "root@..." to the approved senders. If a cronjob or some system process sends email, you want to make sure you get it. As as mentioned, you'll also want to allow "www-data" (or whatever user your webserver runs as) or "nagios" to be allowed to send email too.
In most cases, uou will also want to set up that bogus "noreply" email group too and add that to the approved list.
Handy Postfix Commands
While configuring all this, you'll like screw up and have a bunch of mail stuck in the postfix queue. To delete them all do:
sudo postsuper -d ALL