It is common that attackers try to login to mailboxes to send spam through them, so you normally see many connects and login attempts from a variety of ip addresses. The default solution for this is to activate the Fail2Ban Postfix and Dovecot jails. They will catch failed login attempts and block attacker IPs.
However, if you found a successful login attempt by a foreign IP, you need to change the password of that mailbox.