Large number of Rejected relay attempts on server
I get a self-made report about a very high sender count on one of my servers:
2019-01-15 16:39:40 H=myserver.com [xxx.xxx.xxx.xxx]:34752 Warning: Sender rate 50099.3 / 1h
I investigate and see that I have a 6-figure amount of "Rejected relay attempts" on the server. In "Mail Delivery Reports" they look like this, all from unknown addresses to unknown addresses.
xxx.xxx.xxx.xxx is my server's IP.
I have never seen such a large number of these and am wondering how I can trace it. It seems all the connections are local so is it a local script I just cannot find through normal means? I monitor php scripts but that report does not show anything close to these numbers. I can find all the attempts in exim_mainlog but no identifying pieces other than it's local. Anyone able to point me in a new direction? Thanks.
Event: rejected rejected
Sender User: -remote-
Sender Domain:
From Address: unknown_from@address_not_on_my_server.com
Sender:
Sent Time: Jan 15, 2019, 5:00:17 PM
Sender Host: myserver.com
Sender IP: xxx.xxx.xxx.xxx
Authentication: unauthorized
Recipient: unknown_to@address.com
Delivered To:
Delivery User:
Delivery Domain: address.com
Router: reject
Transport: **rejected**
Out Time: Jan 15, 2019, 5:00:17 PM
ID: 1gjR8C-000A2e-Am
Delivery Host: myserver.com
Delivery IP: xxx.xxx.xxx.xxx
Size: 0 bytes
Result: Rejected relay attempt: 'xxx.xxx.xxx.xxx' From: 'unknown_from@address_not_on_my_server.com' To: 'unknown_to@address.com'
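One way to look for identifying detail in the exim_mainlog entries the post mentions, as an added example that is not part of the original post: a Python tally of rejected relay attempts by connecting host, source port, sender and recipient domain, and minute. The log line layout is assumed from the two formats quoted above, and the sample lines, IPs and domains are constructed.

```python
import re
from collections import Counter

# Assumed exim_mainlog layout, built from the two formats quoted in the post:
# the "H=host [ip]:port" prefix and the "Rejected relay attempt: ..." text.
LINE_RE = re.compile(
    r"^(?P<minute>\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2} "
    r".*?H=(?P<host>.+?) \[(?P<ip>[^\]]+)\]:(?P<port>\d+) "
    r".*?Rejected relay attempt: '[^']*' "
    r"From: '(?P<sender>[^']*)' To: '(?P<rcpt>[^']*)'"
)

# Constructed sample lines (documentation IPs and .example domains).
SAMPLE_LOG = """\
2019-01-15 16:39:40 H=myserver.example [192.0.2.10]:34752 Warning: Sender rate 50099.3 / 1h
2019-01-15 17:00:17 H=myserver.example [192.0.2.10]:34752 F=<a@spam-one.example> rejected RCPT <x@target.example>: Rejected relay attempt: '192.0.2.10' From: 'a@spam-one.example' To: 'x@target.example'
2019-01-15 17:00:17 H=myserver.example [192.0.2.10]:34760 F=<b@spam-one.example> rejected RCPT <y@target.example>: Rejected relay attempt: '192.0.2.10' From: 'b@spam-one.example' To: 'y@target.example'
2019-01-15 17:00:18 H=myserver.example [192.0.2.10]:34771 F=<c@spam-two.example> rejected RCPT <z@other.example>: Rejected relay attempt: '192.0.2.10' From: 'c@spam-two.example' To: 'z@other.example'
2019-01-15 17:01:02 H=(mail.elsewhere.example) [198.51.100.7]:51123 F=<d@spam-two.example> rejected RCPT <x@target.example>: Rejected relay attempt: '198.51.100.7' From: 'd@spam-two.example' To: 'x@target.example'
"""

def domain(addr):
    """Return the lower-cased domain of an address, or a marker if empty."""
    return addr.rpartition("@")[2].lower() or "(empty)"

def summarize(lines, server_ip):
    """Tally rejected relay attempts by source, port, domain and minute."""
    s = {"total": 0, "from_own_ip": 0, "own_ip_ports": set(),
         "sources": Counter(), "sender_domains": Counter(),
         "rcpt_domains": Counter(), "per_minute": Counter()}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # other log entries, e.g. the sender rate warning
        s["total"] += 1
        if m["ip"] == server_ip:
            s["from_own_ip"] += 1
            s["own_ip_ports"].add(m["port"])  # many ports = many connections
        s["sources"][(m["host"], m["ip"])] += 1
        s["sender_domains"][domain(m["sender"])] += 1
        s["rcpt_domains"][domain(m["rcpt"])] += 1
        s["per_minute"][m["minute"]] += 1
    return s

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines(), "192.0.2.10")
    print(report["total"], "rejected,", report["from_own_ip"], "from own IP")
    for key in ("sources", "sender_domains", "rcpt_domains", "per_minute"):
        print(key, report[key].most_common(3))
```
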