My concern is that the email APPEARED to come from me! I was listed as the sender.
Any email server can send any email claiming to come from anyone. DKIM Signatures and SPF records working together with DMARC provides a way to verify if a sending email server is authorized to send an email on behalf of the address used. If your server is not using, checking and validating DMARC then anyone can easily send you or send someone else an email claiming to be from you. Doesn't mean they compromised or got inside of your system or account. They just slapped your name on the "outside of the envelope".
Was the connecting client server IP your servers IP? The IP of the connecting client in the logs is who really sent the message, not the arbitrary email address slapped in the Envelope-From, From header or Sender header.
