Hit ENTER after each Tag to add it to your post; Numbers in parentheses represent the Tag's usage.
So your mail server keeps wonderful logs. I much prefer the log format to that of Exim for example.
All the inter-delivery-chain correlation that is provided by watching an incoming message be saved to a timesamp-named file, which is logged as such, and is present in the spool directory, is very useful.
However in absolutely nowhere in the web interface can I find any representation of what the .hdr file contains.
I need to know if an authenticated user has sent the message - and would prefer to simply go to view the message in the GUI to do such. I don't want to dig into the filesystem and look for the .hdr file that matches the message filename/id and then see "auth user@somelocaldomain"
Why in 13 versions haven't you found this as useful of a feature to present blatantly to the admin who is attempting to find out where the spam is coming from?
What method _do you yourselves_ use to determine if the crap in-spool is authenticated local user? or otherwise remotely originated? I cannot find a single representation of such in the GUI. So I can only guess you as well relegate to logs and viewing the actual spool files to get this info.
It doesn't work too well for remote admins...
Please put some view of either locally authenticated vs remote origination in the spool view.