You can find your logs in you “home” user directory in the “logs” directory. Note that this is not within you “mydomain.tld” directory, but one level above that - which is where you should be when you log in via ftp/ssh.
Within that “logs” directory, youwill find a directory for each domain your user hosts, and you logfs will be in that directory for the respective domain. They are just text files, so they can be read with any shell tool file listing tool, or downloaded to your computer for viewing/searching/etc.
Reading headers can be as much “art” as science at times. I think this is a good guide to how to read email headers(there are many out there - this is just one that I think is particularly good).
That said, it looks to me as though this mail may have actually originated from a(your?) Dreamhost domain, given the “first” identifiable IP address to have forwarded the message being 22.214.171.124, which is a Dreamhost IP address for a mail server. Granted, it could be forged, but in my experience forgers dont often match the “name” of the identified server with the “correct” IP address.
If you did not send it, it is possible that a compromised script on your server allowed this to be sent, and if that is what happened you should deal with it immediately.
It certainly warrants inspecting more of the emails for patterns, and times to see if there is a pattern here. I’d also check my logs for suspicious activity, and/or contact support for additional help. I could be wrong about this, but at this point it is starting to look to me like a possible compromise.