Attaque SPAM relayée par un postfix

Bonjour,
J’ai un serveur postfix qui ne servait plus depuis qq années qui a été la cible d’un envoi de 75278 mails dont voici le header d’un exemplaire:

Received: from PR1P264MB3769.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:181::9)
by PR0P264MB1530.FRAP264.PROD.OUTLOOK.COM with HTTPS; Thu, 3 Feb 2022
09:01:44 +0000
Received: from PR3P193CA0040.EURP193.PROD.OUTLOOK.COM (2603:10a6:102:51::15)
by PR1P264MB3769.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:181::9) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4930.15; Thu, 3 Feb
2022 09:01:43 +0000
Received: from PR2FRA01FT006.eop-fra01.prod.protection.outlook.com
(2603:10a6:102:51:cafe::34) by PR3P193CA0040.outlook.office365.com
(2603:10a6:102:51::15) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.11 via Frontend
Transport; Thu, 3 Feb 2022 09:01:43 +0000
Authentication-Results: spf=none (sender IP is 217.72.192.102)
smtp.helo=mout-bounce.kundenserver.de; dkim=none (message not signed)
header.d=none;dmarc=fail action=quarantine
header.from=le.fqdn;compauth=fail reason=000
Received-SPF: None (protection.outlook.com: mout-bounce.kundenserver.de does
not designate permitted sender hosts)
Received: from mout-bounce.kundenserver.de (217.72.192.102) by
PR2FRA01FT006.mail.protection.outlook.com (10.152.48.99) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.4951.12 via Frontend Transport; Thu, 3 Feb 2022 09:01:43 +0000
Authentication-Results-Original: mqeue113.server.lan; dkim=none
Received: from le.fqdn ([xx.xx.xx.xx]) by
mx.kundenserver.de (mxeue111 [217.72.192.67]) with ESMTP (Nemesis) id
1MQNyZ-1mtK911tIX-00MKM4 for plateforme@bambou.cfa-epure.com; Thu, 03 Feb
2022 10:01:42 +0100
Received: by le.fqdn (Postfix)
id 39353C337A; Thu, 3 Feb 2022 10:01:32 +0100 (CET)
Date: Thu, 3 Feb 2022 10:01:32 +0100 (CET)
From: MAILER-DAEMON@le.fqdn (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: plateforme@bambou.cfa-epure.com
Auto-Submitted: auto-replied
Message-Id: 20220203090132.39353C337A@le.fqdn
Envelope-To: plateforme@bambou.cfa-epure.com
X-UI-Loop: V01:6QL5ZV6wwJ0=:v3y0cpIWTPOY5LC4P6hZj2MIN3KJO73uhVjJRedCZUc=
X-Spam-Flag: NO
X-UI-Out-Filterresults: notjunk:1;V03:K0:Gt3Q3/3n30M=:Ears1Q5hxKpDLFIwR3dWwy
26cyhEgFcPD7bbU7ex/z3rREAWDBnQpVV6YWzIGx7j9jh5TctRsajC7d/tfupjc/i8YRmmyPj
aKFJs8RN6uoV/pZZcim7yWMBd7cyIHS/IRt+mPW3blErmngZ/f8M9o//rZxNX7vS/QwwyEKip
aGU6GGVEIQD0kPCwmcehdXAmyv7HK45p8eHn11DHJCIS8sY/WPtY5n2HLYLPYLxF/w95XdnU0
O66gplbPw4hbDCkf2BEXA+CAwCpNEXyAS/j9f7npjB8fxaw/1Jn8Rp5IZ/67GOTK7WMwmCBb9
aRi/hyZXxe6vCE8k1SVDl55WrTZCKPG1AwnsXwELDo0pk35549Mu7Xv4zvHTCBXOD1rzvO18P
PEUyNGB2HSHe8w1D6A/cIO9xhLrUWKHSE4JKt8DYCrax8s8cc4g6I4OnVW/4Vq/cn3cElczBd
nKE6yhyesg==
Return-Path: <>
X-MS-Exchange-Organization-ExpirationStartTime: 03 Feb 2022 09:01:43.4785
(UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
a694feb1-d7a0-4c4c-3a35-08d9e6f3ccaa
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: d8fdd076-bcb9-4323-af02-1c22f8a3f5b7:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-PublicTrafficType: Email
X-MS-Exchange-Organization-AuthSource:
PR2FRA01FT006.eop-fra01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Office365-Filtering-Correlation-Id: a694feb1-d7a0-4c4c-3a35-08d9e6f3ccaa
X-MS-TrafficTypeDiagnostic: PR1P264MB3769:EE_
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-Organization-SCL: 5
X-Forefront-Antispam-Report:
CIP:217.72.192.102;CTRY:DE;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mout-bounce.kundenserver.de;PTR:mout-bounce.kundenserver.de;CAT:SPOOF;SFS:(13230001)(1930700014)(356005)(26005)(6266002)(1076003)(58800400005)(7596003)(7636003)(42882007)(9686003)(33964004)(336012)(83380400001)(33656002)(5660300002)(34206002)(22186003)(42186006)(8676002)(78352004)(1096003);DIR:INB;
X-Microsoft-Antispam: BCL:0;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Feb 2022 09:01:43.4004
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a694feb1-d7a0-4c4c-3a35-08d9e6f3ccaa
X-MS-Exchange-CrossTenant-Id: d8fdd076-bcb9-4323-af02-1c22f8a3f5b7
X-MS-Exchange-CrossTenant-AuthSource:
PR2FRA01FT006.eop-fra01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR1P264MB3769
X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.2063751
X-MS-Exchange-Processed-By-BccFoldering: 15.20.4951.012
X-Microsoft-Antispam-Mailbox-Delivery:
ucf:0;jmr:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(910001)(944506458)(944626604)(920097)(930097)(3100021);RF:JunkEmail;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?pa5WZ1znAJz+0RVwhX+Zyddsf+RnMp5C7HZ1XFb49x5lKAfwjAfTfQPtZkvY?=
...
boundary="B_3726808695_475925881"
MIME-Version: 1.0

Peut on en déduire d’où vient l’attaque ?

Merci pour vos remarques