I believe I found the Header info you are referring to however the messages do not seem to be coming from an internal IP but rather from a different country than that of where I am located.
Some Examples:
Received: from 176-8-233-114-broadband.kyivstar.net (HELO peslpwfxiro) (176.8.233.114)
Received: from Unknown (HELO swipzxpmwuhn) (188.124.66.50)
Received: from unallocated.sta.lan.ua (HELO oeqhvhzslc) (92.249.90.178)
Received: from Unknown (HELO swipzxpmwuhn) (188.124.66.50)
Received: from 2.133.211.230.megaline.telecom.kz (HELO wkiavourcywf) (2.133.211.230)
Here is a sample of a complete message:
Received: (qmail 30320 invoked by uid 453); 14 Aug 2013 17:48:21 -0000
X-Virus-Checked: Checked by ClamAV on mydomain.ca
Received: from Unknown (HELO xsovcx) (83.167.25.32)
(smtp-auth username robing, mechanism login)
by mydomain.ca (qpsmtpd/0.84) with (AES128-SHA encrypted) ESMTPSA; Wed, 14 Aug 2013 12:48:21 -0500
Date: Wed, 14 Aug 2013 18:39:32 -0700
To: <krazie42069@hotmail.com>, <mindaym@aol.com>, <eangli14@gmail.com>, <mstutz19@aol.com>, <chris_polar1@hotmail.com>, <tonya0429@aol.com>, <strictly_buisness22@hotmail.com>, <stevenharnagel@yahoo.com>, <ha0345@qmul.ac.uk>
Subject:
From: "Hh" <xa@mydomain.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-2"
http://www.bikesandmore.ch/movie.htm pyn bywu muvu
xoniso s nihupo
This is really weird and hard to stop.