Hi Nick, thanks for help.
yes, denny@rdpomss.com is users, so I have delete and recreate the user and change the password stronger, reinstall os client and disable android access.
I have 3 office witch 2 of them in the external network (access by internet) an so many user access by smartphone, so I can not use trusted network concept
for encryption type I set none.

my friend said that I have add reject_sender_login_mismatch rule, so the spam can not send email with different account
for this case I have test my smtp with this configuration


I can send email use unknown email but with real account and password.





I have try googling for add reject_sender_login_mismatch rule postfix, but I am not sure about the right script.

Thanks.