How to exclude remote Windows MailSlot access for universal well-known LOCAL SIDs?


I am trying to use Windows Mailslots for interprocess communication, but I'd like to refuse any remote communication. I set the well-known LOCAL SID on my mailslot's DACL, BUT I could still write to the mailslot from another computer in my domain:

/* Builds the well-known LOCAL SID (S-1-2-0): SECURITY_LOCAL_SID_AUTHORITY with the
 * single sub-authority SECURITY_LOCAL_LOGON_RID (0).  The body of this `if` is in the
 * full server listing further down the page. */
SID_IDENTIFIER_AUTHORITY sid_auth_local = SECURITY_LOCAL_SID_AUTHORITY;
if (AllocateAndInitializeSid(&sid_auth_local, 1,
    SECURITY_LOCAL_LOGON_RID, 0, 0, 0, 0, 0, 0, 0, &localSid)) 

client:

/* Opens the mailslot through a UNC path whose host component is MYDOMAIN, not ".",
 * so this is deliberately a non-local open (see the full client listing below). */
if ((mailslot = CreateFileA("\\\\MYDOMAIN\\mailslot\\MYSLOT", GENERIC_WRITE,
    FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)) == INVALID_HANDLE_VALUE)

I've attached a client/server example.

What is wrong here? Is there a way to exclude remote connections through mailslots? Thx.

server example:

#include <windows.h>
#include <stdio.h>
#include <conio.h>
#include <accctrl.h>
#include <aclapi.h>

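int main(void)
{
    /* Receives messages on the local mailslot \\.\mailslot\MYSLOT and echoes
     * each one to stdout.
     *
     * The slot is created with a DACL holding a single allow ACE for the
     * well-known LOCAL SID (S-1-2-0).  Unlike the earlier version, a failure
     * while building that DACL is fatal: the program no longer falls back to
     * passing a NULL SECURITY_ATTRIBUTES (i.e. the default security descriptor),
     * so a misconfiguration cannot silently widen who may write to the slot.
     *
     * Returns 0 after ReadFile reports failure (the loop ends), 1 on any setup
     * error.  All resources are released on every path via the cleanup label.
     *
     * NOTE(review): the question reports that a writer on another host still
     * got through despite this DACL.  Nothing in this listing shows how (or
     * whether) the access check for a remote mailslot write is evaluated
     * against the LOCAL SID, so do not treat this ACE alone as proof that
     * remote writes are blocked; confirm the effective DACL on the created
     * object and the remote-write path on the target OS. */
    int rc = 1;
    HANDLE mailslot = INVALID_HANDLE_VALUE;
    PSID localSid = NULL;
    PACL acl = NULL;
    SECURITY_DESCRIPTOR sd;
    SECURITY_ATTRIBUTES sa;
    EXPLICIT_ACCESS_A ea;
    SID_IDENTIFIER_AUTHORITY sid_auth_local = SECURITY_LOCAL_SID_AUTHORITY;

    /* The read buffer matches the maximum message size declared to
     * CreateMailslot, plus one byte so the received bytes can always be
     * NUL-terminated before being printed with %s.  The old 4-byte buffer
     * was printed as a string without a terminator (out-of-bounds read). */
    enum { MAX_MESSAGE = 2048 };
    char buffer[MAX_MESSAGE + 1];
    DWORD readBytes = 0;

    /* S-1-2-0: SECURITY_LOCAL_SID_AUTHORITY with one sub-authority,
     * SECURITY_LOCAL_LOGON_RID. */
    if (!AllocateAndInitializeSid(&sid_auth_local, 1,
                                  SECURITY_LOCAL_LOGON_RID, 0, 0, 0, 0, 0, 0, 0,
                                  &localSid))
    {
        printf("AllocateAndInitializeSid failed with error %lu\n",
               (unsigned long)GetLastError());
        goto cleanup;
    }

    /* One explicit allow ACE granting read/write to the LOCAL SID. */
    ZeroMemory(&ea, sizeof ea);
    ea.grfAccessPermissions = GENERIC_READ | GENERIC_WRITE;
    ea.grfAccessMode = SET_ACCESS;
    ea.grfInheritance = NO_INHERITANCE;
    ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea.Trustee.ptstrName = (LPSTR)localSid;

    /* SetEntriesInAclA returns a Win32 error code, not a BOOL. */
    DWORD aclErr = SetEntriesInAclA(1, &ea, NULL, &acl);
    if (aclErr != ERROR_SUCCESS)
    {
        printf("SetEntriesInAcl failed with error %lu\n", (unsigned long)aclErr);
        goto cleanup;
    }

    /* bDaclPresent = TRUE with a non-NULL ACL: only the ACEs in `acl` apply.
     * (bDaclPresent = TRUE with a NULL ACL would instead grant everyone access.) */
    if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION) ||
        !SetSecurityDescriptorDacl(&sd, TRUE, acl, FALSE))
    {
        printf("Security descriptor setup failed with error %lu\n",
               (unsigned long)GetLastError());
        goto cleanup;
    }

    sa.nLength = sizeof sa;
    sa.lpSecurityDescriptor = &sd;
    sa.bInheritHandle = FALSE;

    /* The name is a wide literal, so call the W variant explicitly instead of
     * relying on the TCHAR mapping (the rest of the file uses explicit A APIs). */
    mailslot = CreateMailslotW(L"\\\\.\\mailslot\\MYSLOT", MAX_MESSAGE,
                               MAILSLOT_WAIT_FOREVER, &sa);
    if (mailslot == INVALID_HANDLE_VALUE)
    {
        printf("Failed to create a MailSlot %lu\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    /* The descriptor has been consumed by CreateMailslot; the SID and ACL
     * backing it are no longer needed.  Null them so cleanup does not free twice. */
    FreeSid(localSid);
    localSid = NULL;
    LocalFree(acl);
    acl = NULL;

    /* Each ReadFile returns one message; stop on the first failure. */
    while (ReadFile(mailslot, buffer, MAX_MESSAGE, &readBytes, NULL))
    {
        buffer[readBytes] = '\0';
        printf("Received %lu bytes %s\n", (unsigned long)readBytes, buffer);
    }
    rc = 0;

cleanup:
    if (mailslot != INVALID_HANDLE_VALUE)
    {
        CloseHandle(mailslot);
    }
    if (localSid)
    {
        FreeSid(localSid);
    }
    if (acl)
    {
        LocalFree(acl);
    }
    return rc;
}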

client example:

#include <windows.h>
#include <stdio.h>

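int main(int argc, char *argv[])
{
    /* Opens the mailslot MYSLOT through the UNC path \\MYDOMAIN\mailslot\MYSLOT
     * and writes one 3-byte message ("Hi\n") to it.
     *
     * The host component is MYDOMAIN rather than ".", so this open is not
     * local; per the mailslot naming rules a domain name addresses every
     * mailslot of that name in that domain (confirm against the CreateFile /
     * mailslot documentation for the target OS).
     *
     * Returns 0 on success, 1 on any failure.  `main` now has the standard
     * `int` return type (the previous `void main` is non-conforming), and the
     * handle is closed on the WriteFile failure path, which used to leak it.
     * argc/argv are unused. */
    (void)argc;
    (void)argv;

    HANDLE mailslot = CreateFileA("\\\\MYDOMAIN\\mailslot\\MYSLOT", GENERIC_WRITE,
        FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (mailslot == INVALID_HANDLE_VALUE)
    {
        /* GetLastError() is a DWORD (unsigned long); %d mismatched the type. */
        printf("CreateFile failed with error %lu\n", (unsigned long)GetLastError());
        return 1;
    }

    static const char message[] = "Hi\n";
    DWORD writtenBytes = 0;
    int rc = 0;

    /* sizeof message - 1 excludes the terminating NUL: 3 bytes, as before. */
    if (!WriteFile(mailslot, message, (DWORD)(sizeof message - 1), &writtenBytes, NULL))
    {
        printf("WriteFile failed with error %lu\n", (unsigned long)GetLastError());
        rc = 1;
    }
    else
    {
        printf("Wrote %lu bytes\n", (unsigned long)writtenBytes);
    }

    CloseHandle(mailslot);
    return rc;
}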
