Looks rather like a scanning attack (finding vulnerabilities). I think they are trying to do a SSL type of attack like HEARTBLEED but your server isn't vulnerable. Looks also like they are sending HTTP requests (encapsulated in SSL/TLS) to a mail server, which seems to be a extremely stupid bot scanner.
Its clear from the log, the attacker isn't even attemping to authenticate (0 attempts). The attacker hasn't propably not even realized he is connecting to a mail server.
smime.p7s
Description: S/MIME Cryptographic Signature
