virtualmin sertup for postfix to avoid spam from webserver

Im trying to force it so that all mail that are sent from any php based (actually any website) on a local server only goes out if the user has set up autentication on the website, I tried to set the sendmail to be sendmail.postfix (in sendmail_path in php.ini, anso the php file for the local user…)

I need a easy way to set the system so that all emails (excetp inbound mail to legimit users on the server) have to log on.

any another question, why isnt this default beahviour on virtualmin pro???