I would like to know if there is a way to block the email sent through the hosted sites? There are several sites that are using the Ispconfig postfix to send spam. I would like only my email used in Ispconfig to send login to be used.
as an extra possible step, assuming you have a multi-server setup, since a compromised site might have it's one smtp sender installed, you could add an iptables rule to block any outbound connections with a destination of port 25, and force anything that wants to send mail from that server to use an authenticated email account.