I shut down postfix, archived the queue then analyzed it, then deleted it. Changed my SASL password (a very lengthy one before & after), and it appears to be okay now?
Did you (re)use that password somewhere? It is best to have unique passwords, a different one for each login. Years ago I got spam/blackmail type of email stating something like "we got into your network with this pwd and we can do damage, send us some bitcoins". And the password used to be valid (!) years before for another of my email accounts (not for the account on which I got the blackmail). I had it changed back then when their server was hacked. Someone made an online profile for me, all accounts I have, passwords they could retrieve, etc - there is a black market for such. -- This email has been checked for viruses by Avast antivirus software. www.avast.com