So recently some Russian cunt(s) started relaying email through my postfix server. I finally figured out I had a check_sender_access in my smtpd_helo_restrictions AND smtpd_sender_restrictions. With entire domains listed spammers found one of the domains to send from and then used my server as an open relay.
-Don’t put entire domains in sender_access as OK.
-Don’t put check_sender_access in smtpd_helo_restrictions AND smtpd_sender_restrictions. Took a minute for the fuckers to find, but once they did I got lit up.