Hello and Hi Rob,
I have an IP address reporting triple the usage as the mail server. I have been unable to find the "bug." I have run the network anayler, autoruns, hijackthis, I have viewed the event log, and run our symantec anti-virus corporate edition to no avail. Hmmmmm.