Forcing local users to use submission for all outbound email

Hi there!

I've been reading the documentacion as well as googling around but I've
been unable to figure this out:

I have several hosting servers. I'd like all web sites hosted in those
servers not to be able to send outbound mail without authenticating first.
Same thing for shell users. What I'm really trying to achieve is that
everybody (local accounts and php scripts running under www-data) will be
forced to use the submission service (smtp-auth, tls activated) for all
outbound emails, keeping non-authenticated connections just for internal
emails (usually from services to the system administrator)

Any guru willing to point me into the right direction? TIA!!