Is my box being used by spammers?

My catchall address gets 10-20 emails per day of non-deliverable mail sent from domain user addresses that should not exist. In the example below, some fake user has sent email that is not deliverable.

What is going on here? What can/should I do to fix this? Thanks for any help!!

Delivery to the following recipient failed permanently:

----- Original message -----

X-Received: by with SMTP id r9mr6268820pap.143.1438888037129;
Thu, 06 Aug 2015 12:07:17 -0700 (PDT)
Received: from ([])
by with ESMTP id pq9si13208565pbc.104.2015.
Thu, 06 Aug 2015 12:07:16 -0700 (PDT)
Received-SPF: fail ( domain of does not designate as permitted sender) client-ip=;
spf=fail ( domain of does not designate as permitted sender);
dmarc=fail (p=QUARANTINE dis=QUARANTINE)
Received: from akm (unknown [])
by with SMTP id NewIyHRhFvLaCOQJ.1
for; Fri, 07 Aug 2015 03:01:59 +0800
Date: Fri, 7 Aug 2015 03:01:52 +0800
From: =?utf-8?B?6K645q+n?=
Subject: =?utf-8?B?d3VlNSAg5b6u5ZWG5Z+O5LiO5b6u5a6Y572RICBsZ2Y=?=
X-Priority: 3
X-Mailer: Foxmail[cn]
Mime-Version: 1.0
Content-Type: multipart/mixed;

sgkt arwhsy0p 4washz3shv

I am going to assume is the domain you host with the mail-in-a-box product. I am also going to assume that is NOT the ip address of your mail server.

What you are getting here appears to be forged emails. Your server is not causing this to occur; rather, a server at IP address is sending emails claiming to be a user on your domain, and it is failing, resulting in a bounce back which goes to your server as the proper host and ultimately dies due to it being an invalid user.

If you look at the header, you can see it was sent to a Google mail user, and that Google correctly deduced that this was bogus based on the failed SPF test. Additionally, Google supports digital signatures which mail-in-a-box does, and clearly there is not one here, leading me again to believe this did not source through your server.

Hope that helps answer some questions. If you have questions, or need some more help, let me know.
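Added example, not part of the original thread or of Mail-in-a-Box: a small Python triage of a bounce's original-message headers that applies the checks described in the reply above (SPF/DMARC result, presence of a DKIM signature, and whether the connecting IP recorded by the receiving provider is your own server). The header sample, the domain names and both IP addresses are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample of a bounce's "Original message" headers. Placeholders:
# example.org = your domain, 203.0.113.7 = the unknown sending host.
SAMPLE = """\
Received: from mail.example.net ([203.0.113.7])
        by mx.receiver.example with ESMTP id abc123;
        Thu, 06 Aug 2015 12:07:16 -0700 (PDT)
Received-SPF: fail (domain of ghost@example.org does not designate 203.0.113.7 as permitted sender) client-ip=203.0.113.7;
Authentication-Results: mx.receiver.example;
        spf=fail smtp.mailfrom=ghost@example.org;
        dmarc=fail (p=QUARANTINE dis=QUARANTINE) header.from=example.org
Received: from akm (unknown [203.0.113.7])
        by mail.example.net with SMTP id NewIyHRhFvLaCOQJ.1;
        Fri, 07 Aug 2015 03:01:59 +0800
From: ghost@example.org
Subject: constructed sample

body
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 literals only

def triage(raw_headers, my_server_ips):
    """Summarise whether a bounced message could have left your own server."""
    msg = message_from_string(raw_headers)
    auth = " ".join(msg.get_all("Authentication-Results", []))
    spf = re.search(r"\bspf=(\w+)", auth)
    if spf is None:  # fall back to the result word that opens Received-SPF
        spf = re.match(r"\s*(\w+)", msg.get("Received-SPF", ""))
    dmarc = re.search(r"\bdmarc=(\w+)", auth)
    # Only the topmost Received line was written by the receiving provider;
    # anything below it could have been supplied by the sender.
    top = IPV4.search((msg.get_all("Received") or [""])[0])
    client_ip = top.group(1) if top else None
    signed = msg.get("DKIM-Signature") is not None
    spf_result = spf.group(1).lower() if spf else "none"
    if client_ip in my_server_ips:
        verdict = "sent-via-your-server"
    elif spf_result != "pass" and not signed:
        verdict = "forged-elsewhere"
    else:
        verdict = "inconclusive"
    return {"client_ip": client_ip, "spf": spf_result,
            "dmarc": dmarc.group(1).lower() if dmarc else "none",
            "dkim_signed": signed, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE, {"198.51.100.10"}))  # 198.51.100.10: placeholder for your box
```

A "sent-via-your-server" verdict is the case that warrants checking the box's own mail.log for the matching queue ID.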

Howdy, I ran a lookup

Maybe the IP got listed after forged email attempts.

If not, meaning you still see this behavior, your is somehow not working.

I keep a tail on the mail.log in a terminal tab to peek at occasionally to make sure is bouncing SPAM.

host -a
whois (registrar)
arin whois (APNIC) (in the browser)

Look suspicious.