Sounds like someone is using your server for storage or distribution, quite likely things you don't want there...
Firewalls are only as good as you set them. I'd expect that you've closed all ports on the router(s) except the relatively few needed for expected traffic. But last I heard the saying "Anything can be hacked if the hacker is determined" is even more true today, but you can (and probably did) make it hard to be hacked. The gloves have come off and the bad guys are not lurking in the background anymore!
Besides being behind a firewall,
best practices says:
Turn off and/or remove unneeded services
Protect critcal but powers system tools and commands such as command.com, cmd.exe, edit.com and others (In NT4 admins were told to either "hide" them by moving them to a separate utility directory you can specify or rename them, but I think in Win2000 you can configure administrator level permissions, though a hacker may have ways around that...)
Don't forget to have a virus scanner running on the mail server checking all emails coming in, as someone may have snuck the loader for the hack in an attachment
I don't want to think about internet browsers hitting a hacked site...
Don't forget to have all the network computers scanned with up-to-date AV software, maybe SpyBot too.