Postfix still trying to send spam despite closing open relay [duplicate]

uid 33 is by default www-data in Debian, and is used by Apache. Do you happen to run a web server and some PHP applications with it? Perhaps there's a mail form or something else that can be used for spamming? If so, look up the client IP in the Apache access log, though probably you are being attacked by a random botnet, so blocking individual IPs won't help.

You are not necessarily hacked and compromised at all; most likely there's just a vulnerable PHP script which can be used for spamming. Of course it's better to be cautious and check all the corners for other suspicious activity, but this is my guess.

Updating that web application, removing it, or restricting access to it should solve your problem. You might also want to take a look at mod_security, although it might be way too heavy for simple use.


Dec  1 12:04:56 server postfix/pickup[3267]: E18411FA4: uid=33 from=<[email protected]>

This is a local submission, i.e. by an account on the postfix machine.
Its UID is 33; consult /etc/passwd to find out which account this is.

You can control local submission by configuring authorized_submit_users in main.cf.

Apart from the obvious (disconnect machine from the internet, make a snapshot of your log and tmp dirs, and investigate offline), you are messing around with too many variables at once - for instance, closing both port 25 on the router AND disabling port 25 submission in postfix is unnecessary, and can only confuse you later.

Try to limit yourself to making one change at a time, testing it thoroughly, and then undoing it and trying another change.
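As an added example, not code from either answer, here is a Python script that does what both answers suggest on constructed sample data: it resolves the pickup uid to an account name via /etc/passwd-style text and lists the POST requests in the Apache access log that arrived just before each local submission by that uid, which points at the web form being abused. It assumes both logs share one clock and timezone and that the caller supplies the year that syslog timestamps omit.

```python
import re
from datetime import datetime
# Constructed sample logs and passwd entries; none of this is from the original post.
MAIL_LOG = """\
Dec  1 12:04:56 server postfix/pickup[3267]: E18411FA4: uid=33 from=<www-data@server.example>
Dec  1 12:05:02 server postfix/pickup[3267]: F02A31FA6: uid=33 from=<www-data@server.example>
Dec  1 12:30:10 server postfix/pickup[3267]: A1B2C3D4E: uid=1000 from=<alice@server.example>
"""
ACCESS_LOG = """\
203.0.113.7 - - [01/Dec/2012:12:04:55 +0000] "POST /contact.php HTTP/1.1" 200 512
203.0.113.7 - - [01/Dec/2012:12:05:01 +0000] "POST /contact.php HTTP/1.1" 200 512
198.51.100.9 - - [01/Dec/2012:12:10:00 +0000] "GET /index.php HTTP/1.1" 200 2048
"""
PASSWD = "root:x:0:0:root:/root:/bin/bash\nwww-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n"
PICKUP_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/pickup\[\d+\]: (\w+): uid=(\d+) from=<[^>]*>")
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^ \]]+) [+-]\d{4}\] "(\w+) (\S+) [^"]*" \d{3}')

def uid_to_name(uid, passwd_text):
    """Resolve a numeric uid to an account name from /etc/passwd-style text."""
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) >= 3 and fields[2] == str(uid):
            return fields[0]
    return None

def parse_pickup(line, year):
    """(timestamp, queue_id, uid) for a postfix/pickup line, or None; syslog has no year, so pass it."""
    m = PICKUP_RE.match(line)
    return m and (datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year), m.group(2), int(m.group(3)))

def parse_access(line):
    """(timestamp, client_ip, method, path) for an Apache access log line, or None (UTC offset dropped)."""
    m = ACCESS_RE.match(line)
    return m and (datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S"), m.group(1), m.group(3), m.group(4))

def correlate(mail_log, access_log, passwd_text, year, uid=33, window=5):
    """For each pickup by `uid`, list (client_ip, path) of POSTs seen up to `window` seconds earlier."""
    posts = [a for a in map(parse_access, access_log.splitlines()) if a and a[2] == "POST"]
    hits = []
    for p in filter(None, (parse_pickup(ln, year) for ln in mail_log.splitlines())):
        ts, qid, p_uid = p
        if p_uid != uid:
            continue  # submissions by other local accounts are not what we are hunting
        suspects = [(ip, path) for at, ip, _, path in posts if 0 <= (ts - at).total_seconds() <= window]
        hits.append({"queue_id": qid, "account": uid_to_name(uid, passwd_text), "suspects": suspects})
    return hits
```

On a real box, feed it /var/log/mail.log, the relevant Apache access log and /etc/passwd; repeated hits on one script name tell you which application to update, remove or restrict.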