paul, check if there are messages still in queue.
i had a comprimized account also and same as you it didnt stop. it did after clearing up the queue list. the user in question has used its email and pass om a website which was omprimized, at least thats what i think. i my case i allow my users only from specific countries for smtp, limited by firewalling. (xtables geoip) i also use zpush (active sync) through webserver, for mobile devices for other countrie support. not a fix, but help avoiding this problem is abuse. and check if you landed on black lists. greetz louis Op 22 okt. 2016 om 19:31 heeft Bill Cole <postfixlists-070...@billmail.scconsult.com> het volgende geschreven: On 22 Oct 2016, at 8:54, /dev/rob0 wrote: Should "closing 'permit' lines" be removed from live configurations? Of course not. That is how it works. If not specified as the OP did it, the ending value of any restriction stage is "permit". If not, mail would not be accepted at all. Not exactly. In principle one can end a restriction list with 'reject' if all desired 'permit' cases are covered by previous directives. In smtpd_recipient_restrictions this implies a check_recipient_access directive that permits local recipients (obviously AFTER anti-spam restrictions). And of course, many master.cf files include a service defined like this: submission inet n - n - - smtpd -o syslog_name=postfix/submit -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING