Were any successful? Do your logs include IP addresses? Have you traced the connections back to their true origin? Is it really worth all the effort to find them, if they didn't get in? Is this the first time your box(es) have been probed/hit?
I don't know if it's an attack or not, but I think it would be incorrect for darksky to say it happens all the time, at least in your case where you said "There are hundreds such attempts for almost every user that exists in my passwd file".
Now of course this could be proven untrue if all user names were like bob and joe. What's the ratio of real usernames to ones that don't exist on the server?
Are we all jumping the gun a bit here? hostchamp says...
There are hundreds such attempts for almost every user that exists in my passwd file, is someone trying to gain entry using pop3 daemon with uid=0?
... now unless someone also knows the names of the accounts there would also be a lot of entries with other user names from a hacker? I have seen something similar to this on my home system where each time I log into a local pop account I get 2 entries like this but I still get access. I am unsure what is wrong and have not got the time to try and figure it out.
Anyway, all I am saying is, are you sure you do not get an entry like this each time a real customer accesses his/her pop account?
When I had my server emailing me with the root logs, it really freaked me out at first when I'd get a page on my phone telling me I got an "Active System Attack!" every couple of days. I'd get hundreds of things like you listed above as well. There are more script kiddies than there are servers out there. A proper ipchains/iptables setup will help a lot.
I find my sysadmins are much happier if I just don't look at the logs.