Let me start off by saying that I am not a system administrator. I am a developer who just bought a VPS which I am going to administer for a webapp that I wrote.

I just installed postfix by just typing "sudo apt-get install postfix".

It's working fine by having my app connect to the server via localhost on port 25. By default, postfix doesn't require a password. Is this something I need to change? I have no idea if the way it's set up now allows for others to use my server to send bulk spam.

Am I really stupid for leaving all the settings at their default value, or will I be OK?

Using 9.10 64bit
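
The relay concern in the question above can be checked against Postfix's effective settings. The script below is an added example, not part of the original post: it reads `postconf` output and flags settings that would let non-local clients relay. The function names `list_guarded` and `relay_audit` and the sample input are constructed for illustration.

```sh
# Added example: audit Postfix relay exposure from "name = value" lines, e.g.
#   postconf inet_interfaces mynetworks smtpd_recipient_restrictions | relay_audit
# Heuristic only: access tables and permit_sasl_authenticated are not evaluated.
# True when a list rejects unauthorised destinations before any bare "permit".
list_guarded() {
    for tok in $(printf '%s' "$1" | tr ',' ' '); do
        case $tok in
            reject_unauth_destination|defer_unauth_destination|reject|defer) return 0 ;;
            permit) return 1 ;;
        esac
    done
    return 1
}
# Exit status 0: only loopback clients can relay. 1: something needs review.
relay_audit() (
    set -f    # stop "[::1]/128" being treated as a glob pattern
    ifaces='' nets='' seen_nets=no guarded=no rc=0
    while IFS= read -r line; do
        name=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        value=${line#*=}
        case $name in
            inet_interfaces) ifaces=$(printf '%s' "$value" | tr -d ' \t') ;;
            mynetworks) nets=$(printf '%s' "$value" | tr ',' ' '); seen_nets=yes ;;
            smtpd_recipient_restrictions|smtpd_relay_restrictions)
                if list_guarded "$value"; then guarded=yes; fi ;;
        esac
    done
    case $ifaces in
        loopback-only|localhost|127.0.0.1) echo "OK: listens on loopback only"; exit 0 ;;
    esac
    [ "$seen_nets" = yes ] || { echo "WARN: mynetworks missing from input"; rc=1; }
    for net in $nets; do
        case $net in
            */[0-7]) echo "WARN: prefix too short to be loopback: $net"; rc=1 ;;
            127.*|'[::1]'*|'[::ffff:127.'*) ;;    # loopback ranges
            *) echo "WARN: non-loopback network may relay: $net"; rc=1 ;;
        esac
    done
    [ "$guarded" = yes ] || { echo "WARN: no unauth-destination reject before a bare permit"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: only loopback clients may relay"; fi
    exit "$rc"
)
# Constructed sample input (not from the poster's server).
relay_audit <<'EOF' || true
inet_interfaces = all
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
EOF
```

On a live host, pipe real `postconf` output into `relay_audit` in place of the constructed sample.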