I’m operating a web server for shared webspace accounts. I’m not responsible for the stuff hosted on the webspace, only for the server itself. Many people like to host their WordPress or Joomla on this server, and both are well known for a long list of vulnerabilities. I’m running a local Postfix for sending my cron mails, but I don’t want PHP scripts to abuse my Postfix for sending spam. You can tell Postfix to accept mail submitted via sendmail/mail only from certain users (root in my case). First, create a file that lists every system user that is allowed to send mail:
# cat /etc/postfix/AllowedSystemUsers
root OK
Then tell Postfix to honor this file:
echo 'authorized_submit_users = hash:/etc/postfix/AllowedSystemUsers' >> /etc/postfix/main.cf
Last step, create a hash map and reload Postfix to activate the changes:
postmap /etc/postfix/AllowedSystemUsers
systemctl reload postfix.service
You can add more users to the file if you want, but keep in mind that you always have to run the postmap command again afterwards.
(Take a look here for more)
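An added example, not part of the original post: if postmap is forgotten after an edit, Postfix keeps reading the old compiled map, so this script checks that the .db file is current and that root is still listed. The function names are made up for this example, and it assumes the hash: map type used above, which postmap compiles to a .db file next to the source.

```shell
#!/bin/sh
# Added example (not from the original post): audit the source file behind
# authorized_submit_users. All function names are hypothetical.
# Usage: audit_submit_map /etc/postfix/AllowedSystemUsers

# list_allowed_users SRC
# Print the lookup keys (user names) of a Postfix map source file.
# Blank lines and '#' comments are ignored; a line starting with
# whitespace continues the previous entry and carries no new key.
list_allowed_users() {
    awk '/^[ \t]*(#|$)/ { next }
         /^[ \t]/       { next }
                        { print $1 }' "$1"
}

# user_is_listed SRC USER -> exit status 0 if USER is a key in SRC
user_is_listed() {
    list_allowed_users "$1" | grep -qxF -- "$2"
}

# map_is_stale SRC -> exit status 0 if SRC.db is missing or older than SRC,
# meaning postmap has not been run since the last edit of SRC.
map_is_stale() {
    [ ! -e "$1.db" ] || [ "$1" -nt "$1.db" ]
}

# audit_submit_map SRC
# Prints "ok", "stale" or "root-missing"; returns 0 only for "ok".
audit_submit_map() {
    if map_is_stale "$1"; then
        echo "stale"
        return 1
    fi
    if ! user_is_listed "$1" root; then
        echo "root-missing"
        return 2
    fi
    echo "ok"
}
```

Run from cron as root, a non-zero exit from audit_submit_map shows up in the same cron mail this setup is meant to keep working.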