
I've set up a VPS which is working fine. I'm using a Postfix server to send email using PHP. I was just checking the log files and I noticed that my server is getting a connection request from, or connecting to, a different host every 2-3 seconds.

[Screenshot of the tail command output in a terminal]

Is this normal behavior? I've no idea what the hosted-by.blazingfast.io hostname is. Is this safe, or is it infected by malware? My VPS is hosted on DigitalOcean.

Esa Jokinen
  • 43,252
  • 2
  • 75
  • 122

2 Answers

1

Your logs are full of sequences containing:

  1. connect from
  2. SASL authentication failure
  3. lost connection after AUTH from
  4. disconnect from.

These are incoming connections. Every mail server gets this kind of brute-force login attempts at some point, for example. That's not the only thing you'll see in your logs. Just make sure you have suitable Postfix SMTP relay and access control to handle everything bad the Internet has to offer for SMTP servers. The most important thing is to avoid configuring your mail server as an open relay, which would cause malicious outbound connections, too.

For this specific issue, you could use Fail2Ban to temporarily ban such IP addresses. There are plenty of tutorials, but the maxretry = 3 used in this one can easily cause real users to be banned, too. I'd recommend:

[postfix]
enabled  = true
port     = smtp,ssmtp
filter   = postfix
logpath  = /var/log/mail.log
maxretry = 7

At least in Debian, postfix-sasl.conf has predefined failregex for these authentication failures.

Esa Jokinen
  • 43,252
  • 2
  • 75
  • 122
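To make the maxretry trade-off in the answer above concrete, here is an added example (not part of the original answer, and not Fail2Ban's own code) that replays the four-line "connect / SASL authentication failed / lost connection after AUTH / disconnect" sequence over constructed mail.log lines and applies Fail2Ban-style maxretry/findtime counting. The hostname `mail`, the process ids, the base64 tail and the IP addresses (taken from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24) are all constructed, and `SASL_FAIL_RE` is a simplified approximation of the Debian postfix-sasl failregex, not the pattern shipped by Fail2Ban.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified approximation of Fail2Ban's postfix-sasl failregex (assumption:
# written for this example, not copied from the Fail2Ban package).
SASL_FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: [-._\w]+\[(?P<host>[0-9a-fA-F.:]+)\]: "
    r"SASL (?:LOGIN|PLAIN|CRAM-MD5|DIGEST-MD5) authentication failed"
)


def attempt_sequence(ts, ip, hostname="unknown", pid=12345):
    """One failed login attempt as it shows up in mail.log (constructed lines)."""
    prefix = f"{ts.strftime('%b %d %H:%M:%S')} mail postfix/smtpd[{pid}]:"
    return [
        f"{prefix} connect from {hostname}[{ip}]",
        f"{prefix} warning: {hostname}[{ip}]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
        f"{prefix} lost connection after AUTH from {hostname}[{ip}]",
        f"{prefix} disconnect from {hostname}[{ip}] ehlo=1 auth=0/1 commands=1/2",
    ]


def build_sample_log():
    """Constructed log: one bot hammering the server, one user mistyping a
    password a few times, and one slow scanner spread over two hours."""
    base = datetime(2024, 1, 12, 10, 15, 0)
    lines = []
    for i in range(8):                      # bot: 8 failures in 21 seconds
        lines += attempt_sequence(base + timedelta(seconds=3 * i), "203.0.113.5")
    for i in range(4):                      # real user: 4 typos within a minute
        lines += attempt_sequence(base + timedelta(minutes=5, seconds=15 * i),
                                  "198.51.100.7", hostname="client.example.net")
    for i in range(7):                      # slow scanner: 7 failures, 20 min apart
        lines += attempt_sequence(base + timedelta(minutes=45 + 20 * i), "203.0.113.9")
    return lines


SAMPLE_LOG = build_sample_log()


def parse_ts(text):
    # Syslog timestamps carry no year, so strptime defaults to 1900; only
    # differences between timestamps are used here, so that is harmless.
    return datetime.strptime(text, "%b %d %H:%M:%S")


def failure_counts(lines):
    """Total SASL authentication failures per client IP."""
    counts = defaultdict(int)
    for line in lines:
        m = SASL_FAIL_RE.match(line)
        if m:
            counts[m.group("host")] += 1
    return dict(counts)


def ips_to_ban(lines, maxretry=7, findtime=timedelta(minutes=10)):
    """Mirror Fail2Ban's rule: ban an IP once it accumulates maxretry matches
    inside a sliding findtime window. Returns {ip: timestamp of the decision}."""
    recent = defaultdict(deque)
    banned = {}
    for line in lines:
        m = SASL_FAIL_RE.match(line)
        if not m:
            continue
        ip, ts = m.group("host"), parse_ts(m.group("ts"))
        if ip in banned:
            continue
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()                # drop failures older than findtime
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned


if __name__ == "__main__":
    print("failures per IP:", failure_counts(SAMPLE_LOG))
    for retries in (3, 7):
        print(f"maxretry={retries}:", sorted(ips_to_ban(SAMPLE_LOG, maxretry=retries)))
```

With maxretry = 3 both the bot and the legitimate user end up banned; with the answer's maxretry = 7 only the bot does, and the slow scanner is never banned under the default 10-minute findtime because its failures never accumulate inside one window.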
0

Bots are attempting to authenticate against your mail server, likely in the hope of sending spam. This is normal for an internet-facing mail server, and as long as your server is appropriately secured you have nothing to worry about.

Torin
  • 442
  • 1
  • 3
  • 7