fiveyes

OK, then the messages that bounce back to you with the subject line "failure notice" will be from the qmail programs that will send along the original headers. However, most likely that will only reveal that the original sender was using forged headers through an open relay such as "mail.oiotank.com" (a, seemingly korean-based, rogue host), which doesn't even bother doing a HELO verification back to the sender. In other words, to stop the SPAM, you'd either have to convince the host of the open relay to close their hole up (good luck with that! It may well be run by a spam outfit, eh.) or put a sniffer upstream from them to intercept the original packets as they come in and step-trace back to the origin.

Either way, the result, even if it's an unintentional side effect, is a Denial Of Service attack and should be reported to the authorities. You can contact your state's attorney general office, file a complaint at https://rn.ftc.gov/dod/wsolcq$.startup?Z_ORG_CODE=PU01 or even contact your local law enforcement agency, who may take the incident seriously enough to "refer you on up". Check out http://www.camblab.com/nugget/extermin.htm, http://easyweb.easynet.co.uk/~gcaselton/spam/spam.html (somewhat dated, but still mostly good) and news://news.admin.net-abuse.email if you feel like getting pro-active...