Return delivery fails coming from random emails from my domain, afraid of being blacklisted

[H]ow are people/bots using my domain to send out emails? What can I do to stop this?

The original spam mail got send from dsldevice.lan (unknown [2.88.2.153]).

Unless that's your IP, there's absolutely nothing you can do to prevent these emails from getting sent. As far as SMTP is concerned, everybody is free to use the sender address he wishes.

If you want prevent other servers from accepting those mails, create a SPF DNS record.

For example, the record

mydomain.com    text = "v=spf1 a mx -all"

will allow sending emails from your domain from the IP(s) of your A and MX records, but no others.

Furthermore, if you digitally sign your emails with DKIM, you can prove that a certain mail was sent by you and not somebody else.

Apart from making others able to distinguish genuine mails from you from forged ones, it should also decrease the chances of your mail getting caught by spam filters.

If I don't stop it, will my domain eventually be added to a spam list?

Probably not. Most blacklists are IP based anyway, and the IP that will be blacklisted is the IP of the server that actually sent out the mail.

Blacklisting sender domains is usually reserved for known spam domains (e.g., cheaprolex.com).

I have set [email protected] as a catch all, so I think this is why I'm receiving all the fails[...]

What's going on is that hmjg.co.jp is doing it all wrong!

Emails should get rejected while it's getting delivered. Bouncing an email after it was accepted is nonsense, since the sender address can be easily forged (like in this case). They're actually helping the spammers to send their junk to you!

This is known as backscatter, and it's very bad practice. There are blacklists entirely composed of servers that have been set up like this (e.g., Backscatterer).