I concur with the person who suggested reviewing the DEBUG_README,
particularly reviewing logs surrounding one of the messages in question.
In addition, you've elided too much in the pastebin post to be useful in
answering the following question:
* Is the address in the Received: header your address or the spammer's or
someone else's?
In addition, /what does it look like if/:
* Someone sends mail (using smtp auth) which is from their local account
and delivered locally?
* Someone relays mail (using smtp auth) which is delivered locally?
(I'm omitting /why/ as well as some specific questions which I assume
would be answered by the output from postconf -n, such as what ports
you are running SMTP auth on.)
--
Fred Morris
