If it's NDR's you're seeing, someone might be abusing your domain name for sending spam, as explained in the last paragraph of this document:
. A solution for this problem can be found here
. Same explanation and solution also apply to emails created by viruses somewhere else on the internet, btw.
The internet session is interesting, though. What IP is that user coming from? Anything you know? Is 'anonymous' in all ACL's with 'no access'?