Hopefully this is in the right spot and someone can help. I apologize if it is in any way not Kosher. Unfortunately securing mail services on my own has always been a bane and usually I have broken down to using something like hMail on windows.
As I understand it from the searching I have been doing, Virtualmin should have SMTP set up for required authentication from the get-go. Unfortunately it seems ever since I have added an alias domain to my server, I am getting a lot of strange bounceback/delivery notification errors off of messages not sent by me. In fact this server is relatively new with no other users on it but my own, a single email address as a catch-all with myself being the only person who knows the credentials, and one domain, an alias domain for it, and 2 subdomains set up as sub-servers.
I set up the sole email address in Thunderbird and seem to recall it warned something about a lack of SMTP authentication which makes me wonder. A second wonder is the settings for using it as a relay server and locking those down if not already done.
Right now for the time being I have PostFix turned off until I can sort this. I don’t have anything at the moment which needs it so I can leave it this way for as long as necessary.