I posted this to netbsd.tech.userlevel and issed a send-pr on this
issue, but received no response. I'm thinking that I'd try one more
time before mailing this to the postfix folks.

This last week, a site manage to use my postfix-20010228pl4 to
relay spam. I finally determined that apparently just activating
permit_mynetworks allows the relay, even if mynetworks explicitly
allows only one ip address.

No, I'm not smart enough to figure out how they did it, but it was
only when I turned off permit_mynetworks for smtpd_recipient_restrictions
and smtpd_client_restrictions that Postfix was able to reject the
relay attempts.

Is anyone else aware of this problem? I would think there would be
some concern by sites that allow domain relaying or relaying by
specified hosts using permit_mynetworks.