Postfix - How to enable SMTP authentication on local delivery
I have an email server running Postfix. Everything is working fine. However, recently, some internal emails received emails from their own addresses with phishing content. After finding out, I learned that Postfix can send internal emails using telnet on port 25; sending internally within my domain does not require authentication. I got the idea of enabling authentication for local domain emails. I searched but got no answer. I appreciate the help. Sorry, my English is not good, so I have to use Google Translate.
It's alerting that someone from the localhost is able to send phishing mail: it means someone is already inside the system or there's e.g. a web application that enables those connections. You shouldn't accept this, but carefully investigate where it's coming from and stop it.
That said, to answer your question, there's nothing special with local delivery regarding SMTP on port 25. Removing this permission could be done (in the main.cf) simply by either
- removing the permit_mynetworks from smtpd_recipient_restrictions or
- removing the 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 from mynetworks.
However, with this your local users must use the submission port(s) to deliver their mail. The authenticated users can by default use any address as an envelope sender. To limit this, the submission and/or smtps services in master.cf should have:
-o smtpd_sender_login_maps=hash:/etc/postfix/virtual
-o smtpd_sender_restrictions=reject_sender_login_mismatch
Here, the hash:/etc/postfix/virtual is the same that is used for virtual_alias_maps, because it already has the required [email protected] username format with the correct address to user mappings.
One way of doing it is to open main.cf, search for all the instances of permit_mynetworks and comment them out, then issue a postfix reload.
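A read-only check for the settings the two answers above name, as an added example that is not part of either answer: it lists every main.cf parameter that still contains permit_mynetworks, whether loopback ranges are listed in mynetworks, and which submission/smtps services lack the sender-login options. The sample file contents and the function names are constructed for illustration; only explicit settings are read, and Postfix built-in defaults are not modelled.

```python
import re

# Constructed sample files for illustration (not taken from the asker's server).
MAIN_CF = """\
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated
"""
MASTER_CF = """\
smtp       inet  n  -  y  -  -  smtpd
submission inet  n  -  y  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
smtps      inet  n  -  y  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
"""

def logical_lines(text):
    """Drop comments and blank lines; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(main_text, master_text):
    main = dict(re.split(r"\s*=\s*", l, maxsplit=1)
                for l in logical_lines(main_text) if "=" in l)
    report = {
        # Every main.cf parameter that still grants permit_mynetworks.
        "permit_mynetworks_in": sorted(k for k, v in main.items() if "permit_mynetworks" in v),
        # Loopback ranges explicitly listed in mynetworks.
        "loopback_in_mynetworks": bool(re.search(r"\b127\.|::1\]", main.get("mynetworks", ""))),
        "missing_sender_check": [],
    }
    for line in logical_lines(master_text):
        fields = line.split()
        if fields[0] not in ("submission", "smtps") or fields[1] != "inet":
            continue
        opts = dict(re.findall(r"-o\s+([^\s=]+)=(\S+)", line))  # simple name=value overrides only
        if not ("smtpd_sender_login_maps" in opts and
                "reject_sender_login_mismatch" in opts.get("smtpd_sender_restrictions", "")):
            report["missing_sender_check"].append(fields[0])
    return report

if __name__ == "__main__":
    print(audit(MAIN_CF, MASTER_CF))
```

On a live server, the output of `postconf -n` and the contents of master.cf can be passed in place of the sample strings.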