Ok, i'll will explain you the situation. We use to receive email through an ISP that own the MX. Now, we are preparing to get the MX. This server have opened IMAP over SSL and SMTP over SSL with authentication to allow corporate users send and receive mail from internet. Few days ago i opened SMTP with anonymous authentication (but only relaying WITH authentication) to begin the test of redirect MX to it. I left this opened and today, when i look i found this huge logs... Now, i configured the server to allow only encrypted authentication (no anonymous sessions) and it stopped... so, if it is compromised, it would be the same even if only authenticaed sessions are allowed to send mail, isn't it?