Understanding Postfix Mail Log

hacking postfix email-server

It looks like someone one may be trying to brute force your password. Try doing a base64 decode of the value(s) after AUTH PLAIN. These should allow you to determine if they are using valid credentials.

It is likely they are starting the TLS connection in order to get access to the AUTH command which is usually not available on unencrypted connections.

It would be appropriate to blacklist the source IP at the firewall for a period of time. There are tools like fail2ban which can monitor your logs and take action automatically.

If you don't need external (Internet) access to the mail server, you may want to disable StartTLS and/or AUTH. I only enable AUTH on the Submission port (587), although I don't know how to configure that in Postfix.

Related

Has Apple fixed the iPhone 5 sleep/wake button problem?
Where is the reference to find out how to customize mac behaviour [closed]
Optimum IIS configuration for SSL redirect with multiple certificates installed
Cannot use msdeploy to sync 2 websites - ERROR_FRAMEWORK_VERSIONS_DO_NOT_MATCH
Apache access log rotation
Dependency Challenge with CentOS
How to configure postfix to replace the name of the sender to a configured one
Account lockouts not in Event Viewer
What Event ID is generated when a scheduled task fails in Windows Server 2003?
Toggling enabled/disabled on specific triggers in a task in the task scheduler using powershell (or something else)
Shouldn't Google Compute Engine disk auto-resize when uploading data?
If $σ ∈ S_n$ is a cycle of odd order $m$, show that $σ^2$ is also a cycle of the same order $m$