postfix
Vitaly, 2016-12-31 21:22:00

What is wrong with my Postfix configuration? Why does spam arrive in which the sender is the same as the recipient?

I have my own mail server based on Postfix, Dovecot and MySQL. Everything has been working for many years, and there has never been anything like this (not even spam). However, in recent years spam has become more frequent in my personal mailbox on this server (and in those of some other users), maybe because my email is listed in plain form in source code on GitHub. It seems I can filter it with the regular tools of Mozilla Thunderbird. I tried to set up SpamAssassin, but with it no mail gets delivered at all. I also tried setting up ClamAV. Now all incoming emails are delivered straight to the target mailbox.
Once, spammers managed to send an email with me as the sender. Postfix is required to request authorization when someone attempts to send this.
Here are the headers of that ill-fated message:

From - Sat Dec 31 19:54:36 2016
X-Account-Key: account4
X-UIDL: 0000786051e7be34
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from 88.255.171.82.dynamic.ttnet.com.tr (unknown [88.255.171.82])
  by mail.myserver.ru (Postfix) with ESMTP id 07C1F54015C
  for <[email protected]>; Sat, 31 Dec 2016 16:54:11 +0000 (UTC)
From: <[email protected]>
To: <[email protected]>
Date: 31 Dec 2016 21:42:03 +0200
MIME-Version: 1.0
Subject: hello
Message-ID: <[email protected]>
Priority: normal
X-mailer: Pegasus Mail for Windows (4.61)
Content-type: multipart/alternative; boundary="Alt-Boundary-26017.1558190"

--Alt-Boundary-26017.1558190
Content-type: text/plain; charset="cp-850"
Content-transfer-encoding: QUOTED-PRINTABLE
Content-description: Mail message body
<message content here>
--Alt-Boundary-26017.1558190--

Why is this possible or where did I make a mistake in setting up Postfix?
Postfix version 2.10.1, operating system CentOS 7, repo 6.el7.
main.cf server config: https://hastebin.com/dejapumiva.makefile
Note: I tried to enable email validation classes, but they either didn't work or let nothing through at all.
master.cf config: https://hastebin.com/ewazowafax.bash
EDIT: Here is also the log fragment showing the spammer's session:
Dec 31 19:54:10 wohlnet postfix/smtpd[3100]: connect from unknown[88.255.171.82]
Dec 31 19:54:11 wohlnet postfix/smtpd[3100]: warning: Unable to look up MX host mail.myserver.ru for Sender address [email protected]: No address associated with hostname
Dec 31 19:54:11 wohlnet postfix/smtpd[3100]: 07C1F54015C: client=unknown[88.255.171.82]
Dec 31 19:54:11 wohlnet postfix/cleanup[3110]: 07C1F54015C: message-id=<[email protected]>
Dec 31 19:54:11 wohlnet postfix/qmgr[4030]: 07C1F54015C: from=<[email protected]>, size=2164, nrcpt=1 (queue active)
Dec 31 19:54:11 wohlnet postfix/virtual[3118]: 07C1F54015C: to=<[email protected]>, relay=virtual, delay=0.72, delays=0.65/0.01/0/0.06, dsn=2.0.0, status=sent (delivered to maildir)

EDIT2: I just tried to send a message from myself to myself via Telnet without authorization: the message was accepted and arrived in my mailbox. But when I specified another mailbox (on mail.ru) as the sender, the server reacted as expected with "Relay access denied". BUT when I sent it to another mailbox on the same server, the message went through, and that is not right! Authorization should always be required.

1 answer(s)
Andrey Mikhalev, 2017-02-03
@Endru9

1) Authorization and telnet? Are you joking? Telnet generally must not be kept on a server that faces the Internet! There is ssh, why do you need these perversions?
2) And who told you that letters are sent without authorization on your server?
If I write you a letter and give the name and address of your neighbor, it does not mean that your neighbor is a fool and writes letters to you. The same is true for email.
Read about DKIM, DMARC and SPF, and all your problems will immediately go away.
Also, I would block mail servers that do not have a valid reverse address (PTR), otherwise any mailing list programs will bombard you with spam!
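
An added example, not part of the original thread: a log check for the situation in the question, where mail with an envelope sender in the server's own domain is delivered although the smtpd `client=` line carries no `sasl_username=` (Postfix appends it when the session authenticated). The log lines, addresses, host names and the function name are constructed for illustration, and short hexadecimal queue IDs are assumed.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format; hosts, addresses and queue IDs are made up.
SAMPLE_LOG = """\
Dec 31 19:54:11 mx postfix/smtpd[3100]: 07C1F54015C: client=unknown[203.0.113.7]
Dec 31 19:54:11 mx postfix/qmgr[4030]: 07C1F54015C: from=<alice@example.org>, size=2164, nrcpt=1 (queue active)
Dec 31 19:54:11 mx postfix/virtual[3118]: 07C1F54015C: to=<alice@example.org>, relay=virtual, delay=0.72, dsn=2.0.0, status=sent (delivered to maildir)
Dec 31 20:01:02 mx postfix/smtpd[3100]: 1A2B3C4D5E6: client=host.example.net[198.51.100.9], sasl_method=PLAIN, sasl_username=alice@example.org
Dec 31 20:01:02 mx postfix/qmgr[4030]: 1A2B3C4D5E6: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
Dec 31 20:01:03 mx postfix/virtual[3118]: 1A2B3C4D5E6: to=<bob@example.org>, relay=virtual, delay=0.2, dsn=2.0.0, status=sent (delivered to maildir)
Dec 31 20:05:00 mx postfix/smtpd[3100]: 9F8E7D6C5B4: client=mail.example.com[192.0.2.25]
Dec 31 20:05:00 mx postfix/qmgr[4030]: 9F8E7D6C5B4: from=<carol@example.com>, size=1200, nrcpt=1 (queue active)
Dec 31 20:05:01 mx postfix/virtual[3118]: 9F8E7D6C5B4: to=<bob@example.org>, relay=virtual, delay=0.3, dsn=2.0.0, status=sent (delivered to maildir)
"""

# daemon name, queue ID (short hex form assumed), rest of the record
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")

def find_spoofed_local_senders(log_text, local_domains):
    """Return sorted (queue_id, client, sender, recipient) tuples for delivered mail whose
    envelope sender is in a local domain but whose SMTP session had no SASL login."""
    msgs = defaultdict(lambda: {"client": None, "sasl": False, "from": None, "to": []})
    for line in log_text.splitlines():
        match = LINE.search(line)
        if not match:
            continue  # connect/disconnect/warning lines carry no queue ID
        daemon, qid, rest = match.groups()
        if daemon == "smtpd" and rest.startswith("client="):
            msgs[qid]["client"] = rest.split(",")[0][len("client="):]
            msgs[qid]["sasl"] = "sasl_username=" in rest
        elif daemon == "qmgr" and rest.startswith("from=<"):
            msgs[qid]["from"] = rest[len("from=<"):rest.index(">")].lower()
        elif rest.startswith("to=<") and "status=sent" in rest:
            msgs[qid]["to"].append(rest[len("to=<"):rest.index(">")].lower())
    hits = []
    for qid, info in msgs.items():
        sender_domain = (info["from"] or "").rpartition("@")[2]
        if info["client"] and not info["sasl"] and sender_domain in local_domains:
            hits += [(qid, info["client"], info["from"], rcpt) for rcpt in info["to"]]
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_spoofed_local_senders(SAMPLE_LOG, {"example.org"}):
        print(*hit)
```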
