I've starred at the headers and logs to find some kind of pattern but can't find anything. I never create users such as info@ or sales@ and I advise people not to do it because they are spam magnet addresses. But these are the very addresses that are being delivered to the server root.
Mar 11 06:21:26 server postfix/smtpd: connect from unknown[18.104.22.168]
Mar 11 06:21:27 server postfix/smtpd: 4291C1CB1EE: client=unknown[22.214.171.124]
Mar 11 06:21:28 server postfix/cleanup: 4291C1CB1EE: message-id=<20070311112126.4291C1CB1EE@www.domain.com>
Mar 11 06:21:28 server postfix/qmgr: 4291C1CB1EE: from=<email@example.com>, size=5282, nrcpt=1 (queue active)
Mar 11 06:21:28 server postfix/local: 4291C1CB1EE: to=<firstname.lastname@example.org>, orig_to=<email@example.com>, relay=local, delay=2, status=sent (delivered to mailbox)
Mar 11 06:21:28 server postfix/qmgr: 4291C1CB1EE: removed
Mar 11 06:21:28 server postfix/smtpd: disconnect from unknown[126.96.36.199]
The message headers show the same thing. Original to: firstname.lastname@example.org and delivered to: email@example.com.