1) The postmaster is an external address meant for sending out "system-generated messages and notifications sent to message senders that exist outside your Microsoft Exchange Online organization."
Configure the external postmaster address in Exchange Online
2) To mitigate further attacks I would recommend you set up MFA for your organization as a good start. You cannot stop unsuccessful sign-in notifications as bots/people may be trying to attack that e-mail all the time (brute force, etc).
Set up multifactor authentication for Microsoft 365
If this helps please mark as correct answer.