The article available here presents a good discussion of how to deal with this robustly and securely. It is related to several of the other suggestions in this thread.
These changes leave the HELO restriction in place unless he user is authenticated or is on the local network.
Note that you also need to set mynetworks appropriately. If, for example, you are on the ubiquitous class C home network 192.168.1.*, then you need to do the following as well:
1) QUIT (not close) Server Admin and open Terminal
2) Check your current config with this command:
sudo postconf -c /Library/Server/Mail/Config/postfix mynetworks
3) In most cases, you will get back just the following. If you get something more like what is shown in (5), then someone already did this and you can stop.
mynetworks = 127.0.0.0/8,[::1]/128
4) If your "mynetworks" looks like the one above, then execute these two commands:
sudo postconf -c /Library/Server/Mail/Config/postfix -e "mynetworks=127.0.0.0/8,192.168.1.0/24,[::1]/128
sudo postfix reload
5) Repeat step 2 and you should get this:
mynetworks = 127.0.0.0/8,192.168.1.0/24,[::1]/128
Ok - so to be complete, here is the solution from the link above as added steps...
6) Enter these commands to set postfix to let the FQDN restriction "slide" for local network and authenticated users:
postconf -e "smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_invalid_helo_hostname"
sudo postfix reload
I have been running this way for a couple of months (OS X Mountain Lion Server 2.2.1 and now 2.2.2) with no problems having these changes overwritten. This includes surviving a couple of config changes from Server Admin and several reboots.
(I do make the changes using the postconf command in the terminal, and not by hand editing the config files as others are suggesting, although I can't say whether this really makes any difference as far as protection from overwriting.)