Exchange queue is filling with spam

I have Exchange Server 2000 sp3 loaded. I have the latest Norton AV software updated. Currently the email server is throwing out thousands of spam mail messages. I have verified I am not an open relay. I have checked the server for a virus and can not find one. If I stop the SMTP service everything goes back to normal. I can unplug all network connections and the SMTP queues still fill up with spam. Any ideas?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David WilhoitSenior Consultant, ExchangeCommented:
give us your network layout, firewall and such. When you say unplug network connections, are you unplugging the cable from the exchagne server? Did you change the default settings of the SMTP virtual server at all? If so, what changes did you make?

itheadachesAuthor Commented:
I have a Win2K Server running E2K with SP3. There is no firewall between the server and the outside world. The server plugs directly into switch and the switch connections to the T1. One of my goals this month was to move the server behind the DMZ, but they must have hacked it before I could make the move. I have checked the processes in the server, and nothing is really running hard. Only the hard drive spamming messages is making the machine basically unusable. If I unplug the network connection to the outside world the server continues to spam messages. If I stop the SMTP service then all messages in the queue are wiped out and everything on the server is quiet. I also noticed I was able to receive messages when the service was stopped because the computer could respond. If the SMTP service is launched it takes so much on the hard drive almost nothing can come or go.
U unplug all network connection and ur queue gets filled up with tons af messages?
When u do this is ur queue is emty or is already filled up and queue just keeps trying to send them out?If ur answer is that ue queue is empty when u bring smtp online(disonnected)then problem is on exchange server.DO u have outlook installed on exchange?Did u check for spyware and addware on ur exchange.It may be that ur exchange data is corrupted.If So use EXMERGE yes EXMERGE (this will take out all corrupted emails out) to pst all the info cleanout ur MDBDATA folder start ur exchange inorder to have a clean database then use exmerge to import ur data back if u need more help.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

itheadachesAuthor Commented:
Yes when I unplug all network connection my queue gets filled up. It has to be something running on the computer, but I can not find out what. I thought for sure it was the mail virus, but I checked and that does not exist on the server.

I do have outlook express installed, but no one uses it. I only use it to check to make sure a new mail account works. I ran SpyBot to check for any spyware. No spyware running on server. If my exchange data was corrupt nothing would get in or out. I can actually email in and out if I could get the server to quit sending spam messages. When I look in the queue there are 0 messages. Start SMTP and it just keeps climbing at an incredible rate. All the messages are destined to different locations. hotmail, yahoo, aol, excite, etc etc.
If ur exchange is started(smtp)and quese is emtpy before u restart it and it is completely disconnected from everything(ur local network and internet)and then ur smtp gets filled up then there must be somthing
on ur exchange server(i know u said u checked it)that u did not find or the outlook express is the culprit that is what my common sense is telling me.Now if u want a quick solution just make sure u have a good backup format ur exchange then install win2000 join it to the domain(make sure to reset the account in active directory first)run exchange setup disasterrecovery and import ur data back.Use exmerge to take out all ur corrupted emais also.Now this is ur last resort if noone else was able to help u out.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
itheadachesAuthor Commented:
If the SMTP service is stopped is the queues empty? If not how do I go about empting them to make sure no data is in the queues.
No the queue  does not get   emty and u have to emty it manually.Start ur server
freeze the queues then delete them without creating NDR's.After u clean out ur queue and u unfreeze  them and u still get  new messages accumulating in them(with no connection to anywhere) then u have to either format ur server or call MS.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.