Spam from Exchange postmaster?

[InorganicMatter]

We have an Exchange 2000 server at the home office. One user in particular (just the boss, no one special ) gets slammed with tons of spam. Lately he's been getting stuff that looks like this:

From: postmaster@iprems.com [postmaster@iprems.com]
Sent: Wednesday, January 07, 2009 5:46 AM
To: Rob Cortiaus (smartldardev)
Subject: Undeliverable: Mail System Error - Returned Mail

Delivery has failed to these recipients or distribution lists:

<removed>
Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

Diagnostic information for administrators:

Generating server: <our Exchange server>

robc@smartldardev.net
#< #5.7.1 smtp;550 5.7.1 Message rejected as spam by Content Filtering.> #SMTP#

Original message headers:

Received: from ali-albazzaz.com ([201.29.90.215]) by uhura3.envmonsvc.com with
Microsoft SMTPSVC(5.0.2195.6713); Wed, 7 Jan 2009 05:51:47 -0600
To: <removed>
Subject: Mail System Error - Returned Mail
From: <removed>
MIME-Version: 1.0
Importance: High
Content-Type: text/html
Return-Path: <removed>
Message-ID: <UHURA30NJHouqJvFTQU0002d25d@uhura3.envmonsvc.com>
X-OriginalArrivalTime: 07 Jan 2009 11:51:48.0436 (UTC) FILETIME=[5257E940:01C970BE]
Date: Wed, 7 Jan 2009 05:51:48 -0600

Strangely, the return path is the same as the To and From path, which somehow causes these to end up in his inbox when a message is marked as spam. What is this?

 

[gimp]

ali-albazzaz.com ([201.29.90.215])

I assume this is not you? This is the originating address of the spam message.

 

[Captain Colonoscopy]

Do you have an SPF record setup for your email domain? Sounds like domain spoofing, some spammer is probably using your domain name in the From: field to send spam.