Most likely it's a brute-force attack. But also, equally likely, is
that it's not you being targeted. Some call them a drive-by attack.
Bots just scan the internet and when they come across a server, they try
commonly used credentials (username/passwords). They may even try a list
of known / stolen credentials. But it's almost certainly an automated
scan. Statistically speaking.

You'd be far better off, in my opinion, with blocking them at the
firewall. If these source ips are bad actors (people or bots) you
should completely block them. Why block them in postfix only? That
leaves them (or it) open to try attacking other services on your machine(s).

If a robber comes to my house, I'm not gonna lock the door but allow him
to wander around the rest of the property.

Hi Emmanuel,

Mine is a simpler approach. I just use fail2ban [1] to catch offending IPs so I don't have to manage a list manually.

Cheers!
Jopoy

[1] https://www.fail2ban.org/wiki/index.php/Main_Page