I was doing some work on the GWIA which caused me to observe the log a bit more closely than usual and I happened to notice a couple of internal addresses initiating sessions with the GWIA. Could this be legitimate or do I need a tool for detecting unauthorized uses of our SMTP server?