@Dirk, This is backscatter of undeliverable e-mails and not the SPAM directly so technically it is legitimate mail coming from ISP's/postmasters and won't get picked up by the usual spam filters. I don't think there is much you can do except block on the subject or possibly the sender "mailer-daemon". I would suggest you only do this temporarily, because if you send something to an incorrect recipient, you may want to see these messages to tell you your legitimate mail has failed.

To block on sender, have a look at /etc/postfix/access. Discard rather than reject. To block on subject, have a look at /etc/postfix/header_checks. You can also block on sender with header_checks but using access is preferable as it is less expensive with processing.

Finding a driver for that looks tricky. Probably the easiest answer is to install the latest kernel from ElRepo. If you then want QoS to work, you need to change "QOS_ENABLE_IFB" to "yes" in /etc/clearos/qos.conf.

If you do try an ElRepo kernel you will be living life on the bleedin' edge and I have no experience ot it.

As a halfway house, you could try the 7.6 kernel, just in case:Then reboot.

So are the recipients always different on the returned emails? Did you peruse your maillog for any indicators? Do you have the mail anti-spam app installed from the marketplace? It's like Nick said, start filtering some commonalities, blacklisting some domains, etc. Enabling the discard policy might prevent your inbox from filling up.

Thanks Nick - spent a little time looking at https://discourse.osmc.tv/. Streets ahead of what we have here and fantastic response time. Hope Clear can achieve the same if they go with this software... The discussion here was also interesting when another site moved over to this discourse software and started using it...

I can't help much unless you can see something to commonly identify these mails. It is possible to set up a generic filter just to kill these based on the subject or some other feature. You could do that temporarily.

Here you go

Return-Path: <mailer-daemon@server.rel-tek.com>
Received: from localhost (localhost [127.0.0.1])
by server.rel-tek.com (Cyrus v2.4.17-Fedora-RPM-2.4.17-8.v7.1) with LMTPA;
Mon, 18 Feb 2019 09:21:22 -0500
X-Sieve: CMU Sieve 2.4
Received: by mail.rel-tek.com (Postfix)
id 1B85A80439773; Mon, 18 Feb 2019 09:21:19 -0500 (EST)
Date: Mon, 18 Feb 2019 09:21:19 -0500 (EST)
From: MAILER-DAEMON@rel-tek.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: sales@rel-tek.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="F237580473A51.1550499679/mail.rel-tek.com"
Content-Transfer-Encoding: 7bit
Message-Id: <20190218142120.1B85A80439773@mail.rel-tek.com>


This is a MIME-encapsulated message.

--F237580473A51.1550499679/mail.rel-tek.com
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host mail.rel-tek.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<tdragon@concordwell.com>: connect to concordwell.com[184.168.131.241]:25:
Connection timed out

--F237580473A51.1550499679/mail.rel-tek.com
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.rel-tek.com
X-Postfix-Queue-ID: F237580473A51
X-Postfix-Sender: rfc822; sales@rel-tek.com
Arrival-Date: Wed, 13 Feb 2019 08:26:12 -0500 (EST)

Final-Recipient: rfc822; tdragon@concordwell.com
Original-Recipient: rfc822;tdragon@concordwell.com
Action: failed
Status: 4.4.1
Diagnostic-Code: X-Postfix; connect to concordwell.com[184.168.131.241]:25:
Connection timed out

--F237580473A51.1550499679/mail.rel-tek.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit

Return-Path: <sales@rel-tek.com>
Received: from localhost (localhost [127.0.0.1])
by mail.rel-tek.com (Postfix) with ESMTP id F237580473A51
for <tdragon@concordwell.com>; Wed, 13 Feb 2019 08:26:12 -0500 (EST)
X-Virus-Scanned: amavisd-new at rel-tek.com
Received: from mail.rel-tek.com ([127.0.0.1])
by localhost (server.rel-tek.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id L6fJXnbBUVPM for <tdragon@concordwell.com>;
Wed, 13 Feb 2019 08:26:12 -0500 (EST)
Received: from localhost (localhost [127.0.0.1])
by mail.rel-tek.com (Postfix) with ESMTP id 477DE80473A50
for <tdragon@concordwell.com>; Wed, 13 Feb 2019 08:26:12 -0500 (EST)
Received: from WIN-AUDMJQU1G3S (unknown [109.202.107.147])
by mail.rel-tek.com (Postfix) with ESMTPA id E007480473A4E
for <tdragon@concordwell.com>; Wed, 13 Feb 2019 08:26:11 -0500 (EST)

If you're in luck the storm will die away again. Please can you post a couple of the mail headers?

I've added two more rules at the end, to effectively place the "RELATED,ESTABLISHED" rule above the rules we are entering or you could get problem with any further manual rules you enter.