Simple! _I_ don't send any "bounce messages" *AT*ALL*.
It's all done by mail *rejection* _during_ the SMTP transaction with the remote server that is trying to deliver the mail to me. This isn't 'procmail', nor is it some form of "post-processing" of material that has arrived in the server inbox -- it is "real time" processing of the message *during* the transmission from the remote system.
Thus, there are three possible scenarios:.1) The mail came to my _server_ from a legitimate, full-blown, mail-server that knows the 'true identity' of the sender, regardless of what the "from" line says. 2) The mail cam to my server from dedicated spam-sending software that *doesn't* do _anything_ with rejection notices. 3) The message came to my server from a legitimate, full-blown, mail-server that does *not* know the identity of the sender.
In scenario #1 the rejection notice -- generated by *that* mailserver -- goes back to the _actual_sender_.
In scenario #2, the rejection date is bit-bucketed, and nobody gets anything.
In scenario #3, what happens depends on "just how stupid" that 'open relay' mail-server configuration is. We already *know* it's _really_ stupid, or it wouldn't be an open relay in the first place.*IT* may be stupid enough to be generating 'backscatter' spam in those situations where the 'from' address is a valid email address -- and the recipient thereof *should* bitch at that that system for spamming them Or if the from address is _not_ valid, then the message ends up in the 'postmaster' mailbox *there*. on the open-relay machine. Along with all the other 'undeliverable' notices. Hopefully this alerts the operator of that mailserver to the problem and they secure their system against open relay.
Wanna see how it works? Fire up your e-mail program (do *not* try a reply from inside your newsreader, since you want the mail to *fail*), and send an e-mail to the "From" address listed on this message. See where the "delivery failure" message you get is sent _from_. Hint: it does _not_ come from my servers. If *your* mail server lets you lie to it about who is sending the message... well you need to speak to your mail administrator about _that_ (scenario 3, above).
You have a problem trying to do this kind of thing, because your mail-server software is _four_ major releases, and 4 additional minor updates, out of date, and it doesn't have the required capabilities to implement this type of scheme _properly_.