Botnets trying to bruteforce your credentials. If they compromise an SMTP accounts, they will likely start sending spam from your server. If you monitor your windows events, you will likely see the same happening on RDP. My server has about 3,000 new distinct IP attempting to brute force my server each month, and growing.
I ended up writing a script that monitors IIS logs, smartermail logs and windows events for these connection attempts and block IPs through the firewall. Of course you need to be able to monitor that and unblock your own users. Also make sure you have an IP whitelist if your office has static IPs.
Otherwise you can use the smartermail built in bruteforce prevention settings but I suggest you toughen them. To do the same on RDP, you can use a software like RDPGuard. Also worth renaming your admin accounts both on smartermail and windows. Admin and Administrator are the two most commonly attacked logins.