If remote user is sending using an authenticated SMTP session, you would find his name within chkuser logging.
Look at these entries from my smtpd log:
@40000000425d6a992de7abbc.s:@40000000425d6a2c106b451c CHKUSER rejected rcpt: from <::> remote <fusion.fast-servers.net:unknown:126.96.36.199> rcpt <[EMAIL PROTECTED]> : not existing recipient
@40000000425d6a992de7abbc.s:@40000000425d6a250b7faffc CHKUSER rejected rcpt: from <::> remote <mx03.scottish-southern.co.uk:unknown:188.8.131.52> rcpt <[EMAIL PROTECTED]> : not existing recipient
rcpt: from <::> have no user name. Is that the right place for this information.
What I'm missing?
Looks to me like someone used your domain(s) as the From address when sending out spam, those messages bounced to who ever the sent them to and now they are being returned (falsely, but what are you going to do about faked From addresses).
Happens to us every so often as well, usually keeps up for about 12 hours on our servers, then slows down and stops.
Happened Sunday night to us actually.