Reading the mail headers again, I believe that in that case you’re right: my user is actually a victim of backscatter mail, and therefore NethServer isn’t the culprit here. I misinterpreted the non-delivery notification.
However, I’m pretty sure that NethServer does send non-deliveries in case of spam. Please read that thread again: Postfix sending non-deliveries notifications because of spam?