Dan,
Track down the internal IP that is starting the connection. It is porbably a user getting their outside email, but it might not be.
I'd also suggest someone check the acceptable use policy to see if this situation is covered or prohibited or not.
Is POP3 used inside the company? If not, you could stop monitoring it.
Oh, check with the firewall team, find out if POP3 is allowed inbound. If it is, then you would need to monitor it for protected data leaving the company.
JGT