Need some help Hijacked Returned domain

[Stephen Lane]

Hi everyone,

We have in recent days been the recipient of spammers using our domain name as a return address.  They use all kinds of names etc..
I could really use some assistance in trying to stop this or at least handle the bounce mail better, we are also getting a extreme amount
of mail from null senders logs are filled with from=<> on one of our server we have 20,000 entries in the last 15 hours.

Any hints, comments, ideas on stopping this I just added dnsbl.sorbs.net to sendmail and it's already starting to help (BTW great job Matthew)
are others having this problem also? it seems this started up a couple of days ago after MyDoom hit. Is anyone else having this happen or has 
seen this before.

below is an example of the a org message that was returned I left off the information from where it was bounced. 

Thanks in advance
Steve
--- Start 

Content-Type: message/rfc822

Message-ID: <QVMEELMZZSXALGDVYHSPYZ at fidalgo.net>
From: Roseanna Escalante <webmaster at inteliport.com>
To: webmaster at northernbus.com
Subject: FWD: Available All. X at nax , v|agR@ _ \ Va:l:ium  = S0ma , Pn:t:er
 min 4v5tR
Date: Wed, 4 Feb 2004 02:23:41 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
X-MS-Embedded-Report: 
Content-Type: text/plain;
 charset="iso-8859-1"

We believe ordering medication should be as simple as ordering anything else
on the Internet: Private, secure, and easy. 
On stock: \ Xan|a|x ) Val/i/um = So+m+a = Pntermin $ V1Agr@ 
Plus: A'cyc|0vir, Pr0z at .c, P@`xil, Bus:p at r, Ad|p&.x, I0`nam|n, M3ri:dia,
X3nic.a|, Am`bi3n, S0na.Ta, F`l3xeril, Ce|3br'ex, Fi0ri`c3t, T'ram at do|,
U|t`r at m, L3:v|tra, Pr0p3ci`a 

Most trusted name brands. 
Enjoy deep discount meds here <http://www.affordablemeds.biz>  
------_=_NextPart_000_01C3EA29.1039B262--

---End
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040203/dbffa802/attachment.html