How to deny mails from a virtual server through localhost


Does anyone know if it is possible to deny a virtual server to send mails through localhost within the VirtualMin configuration.
We are currently experiencing CMS sites which are being used to send SPAM mails through us and we would like to solve this issue one way or the other.

If we could deny mail options for a specific site we could close down this option if the customer is not using it.
Secondly, we would like to change the web server settings to use SMTP auth before sending mails, but not all the virtual sites we have setup have their mail server located on the virtualmin server, could that give us some issues?

Any help is much appreciated on the issues we have above.

Thanks in advance.

  • Tim

Virtualmin by default configures Postfix to allow relaying (sending mail to non-local destinations) from the local computer without authentication. I don’t think it’s possible to lift this permission for a specific website.

Somehow Postfix has to distinguish who is allowed to send and who isn’t. I see no reliable means of telling one site apart from another from Postfix’ point of view, since they all do it via TCP connect to port 25, except for disallowing relaying from local sites altogether and requiring SMTP authentication for all sites.

About your second question, it should make no difference whether the mail server is on the localhost or a different machine when you instruct the website to use SMTP auth. To Postfix, any client connecting to port 25 (or 587) and doing SMTP auth can be website code, or just a regular email user, it doesn’t really know (or care about) that.