Do such network events indicate attack attempts? [closed]


logcheck fished out some suspicious log records for me:

    May 11 15:50:50 mailserver dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.2.3.4, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, session=<Gf6Gol+lJgItjVcH>
    May 12 06:17:10 mailserver dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=5.6.7.8, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F09C:SSL routines:ssl3_get_record:http request, session=<NYC/vGulRn+nrNEM>
    May 13 09:02:52 mailserver dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=9.10.11.12, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1417D0FC:SSL routines:tls_process_client_hello:unknown protocol, session=<6x8rK4KlPNdZ+KwQ>
    May 13 09:02:53 mailserver dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=13.14.15.16, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1417D18C:SSL routines:tls_process_client_hello:version too low, session=<Prc7K4KlutdZ+KwQ>
    May 13 09:02:59 mailserver dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=17.18.19.20, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher, session=<v0yhK4KlztpZ+KwQ>

Those records seem suspicious to me, as if they indicated attacks on my internet-exposed network services. Are they? What can you tell me about the security risk of the particular events here?
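
An added example, not part of the original question: a Python parser for dovecot login records of the kind quoted above. It extracts the remote IP and the OpenSSL error fields, tallies them by failure reason and source, and groups records that arrive within a few seconds of each other. The sample lines are copied from the question; the function names, the 10-second window and the placeholder year are this example's assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Log records copied from the question, one per line.
SAMPLE = """\
May 11 15:50:50 mailserver dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.2.3.4, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, session=<Gf6Gol+lJgItjVcH>
May 12 06:17:10 mailserver dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=5.6.7.8, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F09C:SSL routines:ssl3_get_record:http request, session=<NYC/vGulRn+nrNEM>
May 13 09:02:52 mailserver dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=9.10.11.12, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1417D0FC:SSL routines:tls_process_client_hello:unknown protocol, session=<6x8rK4KlPNdZ+KwQ>
May 13 09:02:53 mailserver dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=13.14.15.16, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1417D18C:SSL routines:tls_process_client_hello:version too low, session=<Prc7K4KlutdZ+KwQ>
May 13 09:02:59 mailserver dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=17.18.19.20, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher, session=<v0yhK4KlztpZ+KwQ>
"""

RECORD = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) \S+ dovecot: "
    r"(?P<service>[\w-]+): Disconnected \((?P<why>[^)]*)\): "
    r".*?rip=(?P<rip>[0-9a-fA-F.:]+), .*?"
    r"SSL_accept\(\) failed: error:(?P<code>[0-9A-F]+):[^:]*:"
    r"(?P<func>[^:]+):(?P<reason>[^,]+),"
)
YEAR = 2000  # placeholder: syslog timestamps carry no year

def parse(text):
    """One dict per TLS handshake failure; finditer also copes with
    records that a log mailer has run together on a single line."""
    return [m.groupdict() for m in RECORD.finditer(text)]

def summarise(records):
    """Count failures per OpenSSL reason and list services hit per source."""
    by_reason = Counter(r["reason"] for r in records)
    by_rip = defaultdict(set)
    for r in records:
        by_rip[r["rip"]].add(r["service"])
    return by_reason, dict(by_rip)

def when(record):
    return datetime.strptime(f"{YEAR} {record['ts']}", "%Y %b %d %H:%M:%S")

def bursts(records, window=10):
    """Groups of 2+ records separated by at most `window` seconds."""
    groups, current, prev = [], [], None
    for r in sorted(records, key=when):
        if prev is not None and (when(r) - prev).total_seconds() > window:
            groups.append(current)
            current = []
        current.append(r)
        prev = when(r)
    groups.append(current)
    return [g for g in groups if len(g) > 1]
```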