SPF and DKIM is configured for your domains so the message you send have that protections enabled. But for received messages, DKIM or SPF is not enforced meaning the server accept all message including those that fails on any or both of this categories.
It might be a nice improvement to set this check as an option I think. I receive spoofing messages and lots of spam, so I think this can at least improve a bit the situation.
If it is not going to be an option, should I proceed on my own enabling this for postfix following standard ubuntu+postfix guidelines or may you suggest any procedure for that?
I don’t think you need to keep track of who enforces and who does not because that’s exactly what DMARC is for. It tells you whether a domain wants messages to be rejected if those tests fail.
You could I guess add this as a kind of override if you wanted to add your own controls for domains that don’t have published DMARC records, but that seems like a lot of effort when there’s a perfectly good mechanism already available and is in the hands of the domain owner.