Exchange 2003 SMTP Queue mass mailing even when not on LAN

[Orbital911]

I am running Windows 2003 Server Ent Edition fully patched along with Exchange Server 2003 Enterprise also fully patched. I have absolutely confirmed the SMTP connector is not an open relay, and I am experiencing the strangest thing. In my SMTP queues, I have a queue going to "multimania.com" and it generates almost several THOUSAND messages per minute into the queue, even when the Exchange server is completely off the network and all client workstations are shut down. I have consulted Symantec, and they can offer no solution, and none of their tools or scanning apps are detecting anything. I have even went as far as running Spybot and Ad-Aware in the remote event that it could be some sort of spyware. I have absolutely no clue where this could be coming from, and I have heard other say it resembles what is known as a reverse NDR attack, but how can this be possible when the server has no outbound connectivity? Any suggestions would be immensely helpful in helping me resolve this. These messages generating in the queue cause by STORE.EXE and INETINFO.EXE processes to consume more and more memory by the minute until the system is virtually unresponsive.

 

[sidetracked]

I would deny the ip address of the server, disable the guest account on the server, and run packet monitoring utilities on the server.

MCSE 2K - MCSA 2K - NET+ - A+

Paul..