There are no web application on this server. Just postfix with SASL authentication and the DNS.
We had the same problem on another Postfix server. In that case there were no DNS. So we can exclude the problem is caused by the DNS.
I can think there's a vulnerability of postfix + SASL but I'm not sure.