We are having an issue where our mail server is sending out a lot of message, but I cannot figure out who or how it is sending. Looking at the POA logs I see: Sender of message (message ID) Gateway.GWIA.Domain.

I checked the SMTP relay settings and made sure Prevent message relaying is checked. And we do not have any exceptions.

Is there a way to check the message ID to see more info on who is sending to see if someone internal account has been compromised?

Thank you,