What's the difference between postfix/smtp and postfix/smtpd


postfix/smtpd - This is typically the SMTP daemon process for handling incoming mail and routing to the appropriate internal location.

postfix/smtp - This is typically the SMTP daemon process for delivering mail out to the world.

If you're seeing a lot of postfix/smtp log entries, these would be all of the SMTP connections sending spam out to other nodes.

This blog post gives a pretty good overview of interpreting postfix logs.

Author: Edwin Krause

Updated on September 18, 2022

Comments

  • Edwin Krause
    Edwin Krause almost 2 years

    A bit confused when reading through the logs of my smtp/mail server, I'm turning this question to you guys.

    In the maillog files I'm seeing entries for postfix/smtp as well as postfix/smtpd. I can also see that there are possible settings for smtp as well as smtpd in the file main.cf

    Trying to find some reasonable explanation through google search seemed to be impossible, so here is my question to you guys.

    My server was kind of compromised and the spam mails were going through postfix/smtp and not smtpd. Please help me to understand. Thanks in advance!

  • Edwin Krause
    Edwin Krause about 9 years
    This is just so confusing. Thanks to the guy who gave me the down vote, very mature. Considering your answer, why would I restrict my SMTP relay usage by this setting smtpd_recipient_restrictions = permit_sasl_authenticated, when my problem is postfix/smtp sending out spam mails?
  • Justin Pearce
    Justin Pearce about 9 years
    @EdwinKrause Have you considered that there may be a program or script on your server that is connecting to the MTA locally and sending emails? The last few times I have had a spammy server was due to a compromised CMS (Wordpress/Joomla/etc) either becoming or allowing upload of a spam-sending script.
  • Edwin Krause
    Edwin Krause about 9 years
    That's an interesting thought... I have seen some comment like this before... I'm not using Joomla or Wordpress, but file upload is possible of course. What would be the easiest way to find the file?
  • Edwin Krause
    Edwin Krause about 9 years
    I'm trying to search for recently updated files with WinSCP
  • Edwin Krause
    Edwin Krause about 9 years
    Just to make sure I understand correctly... Since the spam mails are sent from postfix/smtp and not from postfix/smtpd, this means they are coming from a local script?? Am I correct here?
  • Justin Pearce
    Justin Pearce about 9 years
    @EdwinKrause It is a reasonable assumption that the spam messages are coming from inside the server. If not, the next place to look would be compromised client (someone's email account getting hacked, malware on the end user node, etc).
  • Edwin Krause
    Edwin Krause about 9 years
    Great, thanks for that... I'm currently fighting with enabling mail.log for logging the php mail command
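
Added example, not part of the original answer or comments: since postfix/smtp only shows mail leaving the server, this Python sketch joins each postfix/smtp delivery line to the earlier postfix/smtpd (network client) or postfix/pickup (local submission) line with the same queue ID, which is the local-script versus compromised-account question raised in the comments. The log lines are constructed, and the function names and the short hexadecimal queue ID format are assumptions.

```python
import re
from collections import Counter

# Constructed sample maillog lines: hosts, addresses and queue IDs are made up.
SAMPLE_LOG = """\
Sep 18 10:00:01 mail postfix/smtpd[2101]: 3A1F2C0D41: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice@example.org
Sep 18 10:00:02 mail postfix/smtp[2110]: 3A1F2C0D41: to=<bob@example.net>, relay=mx.example.net[198.51.100.7]:25, dsn=2.0.0, status=sent (250 OK)
Sep 18 10:00:05 mail postfix/pickup[1980]: 7B3E9A12F0: uid=33 from=<www-data>
Sep 18 10:00:06 mail postfix/smtp[2111]: 7B3E9A12F0: to=<x1@example.com>, relay=mx.example.com[198.51.100.9]:25, dsn=2.0.0, status=sent (250 OK)
Sep 18 10:00:06 mail postfix/smtp[2112]: 7B3E9A12F0: to=<x2@example.com>, relay=mx.example.com[198.51.100.9]:25, dsn=2.0.0, status=sent (250 OK)
Sep 18 10:00:07 mail postfix/pickup[1980]: 9C44D0B7E2: uid=33 from=<www-data>
Sep 18 10:00:08 mail postfix/smtp[2111]: 9C44D0B7E2: to=<x3@example.com>, relay=none, dsn=4.4.1, status=deferred (connection timed out)
Sep 18 10:00:09 mail postfix/smtpd[2102]: 5D10AA93B6: client=mx.example.net[198.51.100.7]
Sep 18 10:00:09 mail postfix/local[2120]: 5D10AA93B6: to=<edwin@mail.example.org>, relay=local, dsn=2.0.0, status=sent (delivered to mailbox)
"""

# Assumes the default short (hexadecimal) queue IDs; an optional syslog_name
# segment such as postfix/submission/smtpd is tolerated.
LINE = re.compile(r"postfix/(?:[\w-]+/)?(?P<svc>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")

def trace_origins(log_text):
    """Return {queue ID: (entry point, outbound attempts)} for mail handled by postfix/smtp."""
    origin = {}        # queue ID -> how the message entered the queue
    sent = Counter()   # queue ID -> number of postfix/smtp delivery attempts
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, qid, rest = m["svc"], m["qid"], m["rest"]
        if svc == "smtpd" and rest.startswith("client="):
            # Received over the network; keep the client and any SASL login.
            user = re.search(r"sasl_username=(\S+)", rest)
            client = rest.split(",")[0]
            origin[qid] = f"smtpd {client}" + (f" sasl_username={user[1]}" if user else "")
        elif svc == "pickup" and rest.startswith("uid="):
            # Submitted on the host itself (sendmail command, e.g. PHP mail()).
            origin[qid] = "pickup " + rest.split()[0]
        elif svc == "smtp" and rest.startswith("to="):
            sent[qid] += 1
    return {qid: (origin.get(qid, "unknown"), n) for qid, n in sent.items()}

def summarize(log_text):
    """Total outbound delivery attempts per entry point, busiest first via most_common()."""
    totals = Counter()
    for source, n in trace_origins(log_text).values():
        totals[source] += n
    return totals

if __name__ == "__main__":
    for source, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {source}")
```

A dominant `pickup uid=` entry names the local account that queued the mail, while a dominant `smtpd ... sasl_username=` entry points at an authenticated mail account instead.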