Start by running in a command prompt c:\> net stat
This should give you a list of connecting addresses.
You can parse these addresses using the ARIN database if they are external addresses to your network or look at your internal DNS to find out if they are coming from a possibly infected machine on your network.
Things to check for are; is your server an open relay?
If not, likely these emails are coming from the trusted side of your network from an infected machine.
If you have a small network, shut everyone down for 10 minutes and see if your queue still fills up. Likely it won’t and you’ll have a better idea of where the emails are coming from.