Those emails can be ignored if not needed - no need to worry, no-one can use password recovery screen to get someones passwords. I restarted the mail server, that should have reseted the email queue and fixed the weird problem.
There must be some kind of glitch, since retrieving password is no security problem for our forum software (CommunityServer): when a link to change password is requested, there's no way someone can catch the email sent to the users account. Brute force attacks will most like be hammering the login-screen, not password request -form.
However, I did notice that new user registration is currenly "automatic" which is now changed to Email - so that will prevent spammers from creating multiple accounts without emails.