I am going through my first steps on VPS management and configuration; been able to install PHP, mySql, phpMyAdmin, postfix, etc ... and migrate a Wordpress from an existing shared server to this VPS.
Sorry for my question being naive, but when testing postfix with the php mail function, I purposely sent the email with a "From" header which was not my own email address (don't worry, nothing serious).
Question is: the email was sent and received in my inbox as if it was sent by somebody else! Is it this easy to send a fake email with php and postfix? (of course, checking email headers reveals the truth).
How can I restrict my VPS from being able to send emails from arbitrary addresses?
Thank you.