Today I found that our Exchange 5.5 server, which was long ago closed to open-relay, was trying relay 10,000 junk emails in the IMC queue. So I'm trying to hunt down the culprit:

Even though we're closed off to open relay, I completely shut down port 25 to the outside world. So no inbound SMTP connections are coming in. Problem still persists, so I deduced that the problem was internal.

I updated definitions and ran a virus sweep with Symantec AV. Everyone came up clean (about 30 PCs).

I am using a packet capturing utility, but I am not finding any internal sessions being created to port 25. The only traffic seems to my my Exchange trying to send out all the junk email. Does Exchange/Outlook use ports other than 25 to queue up mail in the server?

I have turned off all inbound and outbound routing in Exchange and deleted all 10,000 messages. I then restarted the IMC services. However, no matter how many times I try to delete all the junk, they keep coming back. And Exchange keeps trying to send it out, even though I have turned off routing. What the heck?

I'm using Exch 5.5 SP4. Anyone got any ideas? Hoping to have this server up by tomorrow morning (Wednesday).