Understanding Postfix Mail Log
It looks like someone one may be trying to brute force your password. Try doing a base64 decode of the value(s) after AUTH PLAIN
. These should allow you to determine if they are using valid credentials.
It is likely they are starting the TLS connection in order to get access to the AUTH command which is usually not available on unencrypted connections.
It would be appropriate to blacklist the source IP at the firewall for a period of time. There are tools like fail2ban
which can monitor your logs and take action automatically.
If you don't need external (Internet) access to the mail server, you may want to disable StartTLS and/or AUTH. I only enable AUTH on the Submission port (587), although I don't know how to configure that in Postfix.