Yesterday I found that 10 thousand e-mail messages were sent through my system using this configuration:
http://pastebin.com/bThpH1s8 - main.cf
http://pastebin.com/kkxxsstP - master.cf
I temporarily blocked the whole spamer's ISP's IP range, but obviously the problem is in the Postfix configuration. 25 port is now closed, so relay tests give a negative answer.
I wonder if there anything else I could do to HAVE 25 port open and a closed relay SMTP server? Why does it allow unauthorized use?