Lots of bounce back emails

I have just got 20-30 emails bounce back from antispam servers etc which all contain pretty much the following

Delivery to the following recipient failed permanently:

     randomaddress@randomdomain.com

Technical details of permanent failure:
The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces. Learn more at https://support.google.com/mail/answer/6596

----- Original message -----

X-Received: by 10.68.88.130 with SMTP id bg2mr46869650pbb.129.1441120463094;
        Tue, 01 Sep 2015 08:14:23 -0700 (PDT)
Return-Path: <myname@mydomain.co.uk>
Received: from mydomain.co.uk ([115.112.34.82])
        by mx.google.com with ESMTP id os8si30219863pbc.251.2015.09.01.08.14.20
        for <randomaddress@randomdomain.com>;
        Tue, 01 Sep 2015 08:14:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of myname@mydomain.co.uk designates 115.112.34.82 as permitted sender) client-ip=115.112.34.82;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of myname@mydomain.co.uk designates 115.112.34.82 as permitted sender) smtp.mailfrom=myname@mydomain.co.uk
Received: from mydomain.co.uk (altenwerthlubowitz [282.1586.1616.756])
      by mydomain.co.uk (Postfix) with ESMTP id GPOcoY7tKJ
      for <randomaddress@randomdomain.com>; Tue, 01 Sep 2015 11:14:30 -0400 (MDT)
Received: by mydomain.co.uk (Postfix, from userid 5001)
      id BrCpgJNy6H; Tue, 01 Sep 2015 11:14:30 -0400 (MDT)
Received: from [315.1129.1061.816] (490.1262.1469.180.2IulX6H2pe.bahringerbaumbach.biz [525.1521.1203.210])
      by mydomain.co.uk (Postfix) with ESMTPA id rCy2rc4SfX
      for <randomaddress@randomdomain.com>; Tue, 01 Sep 2015 11:14:30 -0400 (MDT)
To: <randomaddress@randomdomain.com>
From: "Nova Walker" <myname@mydomain.co.uk>
Subject: Complaint of your Internet activity
Message-ID: <55E5C0D6.AD1C7AE0@mydomain.co.uk>
Date: Tue, 01 Sep 2015 11:13:30 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="------------------------030103000905050304090206"

This is a complaint notification. Full details attached. Please notify us within 24 hours with taken actions.

Nova Walker
Direct Tactics Technician
T: 1-965-354-2228
F: 140-358-2275

These haven't come from my ip address. Is there any way to find out how these are being posted? Or to stop bounce backs that didn't originate from my IP address?
LVL 6
CaptainGibletsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

flashwebhostCommented:
Look like hacker/spammer is using your email address to send spam emails.

First change your email password. If possible change it from a Linux live CD or secure computer. Since hacker is able to send email from your email account, he got the password some way, there is high chance your PC is infected with password stealing malware/keylogger.

If you have root SSH access to server, login and check the mail queue and mail server log to investigate further.
CaptainGibletsAuthor Commented:
It is not being sent from my IP address. He is not using my username and password.
flashwebhostCommented:
>  spf=pass (google.com: domain of myname@mydomain.co.uk designates 115.112.34.82

This line says spammer is using your IP to sent email ? Your server IP is 115.112.34.82  ?
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

CaptainGibletsAuthor Commented:
That's not my ip, that ip is located in India, I am from the UK.

My Spf record looks like this.

v=spf1 mx ip4:myIP ptr:SecondaryDomain include:3rdpartywhosendsemails(not 115 ip) all
flashwebhostCommented:
I am not sure why Google says SPF pass if that is not a valid IP.

The IP belongs to EIG Group, they have many large web hosts,  by any chance you are using one of these web hosts ?

The bounce mail is just a delay notification from your server, so the mail is in your servers mail queue and is trying to sent it out..
CaptainGibletsAuthor Commented:
Hi , the bounce backs are not from my server, they are from postmasters from other domains that emails are trying to be delivered to and rejected from. My server is not referenced in anyway in over 40 bounce backs, all they have done is use my email address as a reply to address.

The emails are 100% not coming from my domain. We have 1 external marketing company as you can see from my SPF record that is allowed to send emails as us, nobody else should be allowed.
jmcgOwnerCommented:
I've not looked at SPF before, but doesn't the unqualified "all" at the end of your SPF mean the same thing as +all, i.e. anyone can send?

Or did the ~ get swallowed during the cut'n'paste operation?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CaptainGibletsAuthor Commented:
the - is missing it is in the spf record.
jmcgOwnerCommented:
This does seem to be rather baffling. I wonder if some of the headers were faked. Or sent through a mail server configured as an open relay.

And what about that subject line: "Complaint of your Internet activity"???

Are the names "altenwerthlubowitz" or "bahringerbaumbach.biz" in any way relevant?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.