I recently found that there is a null\blank value for the return path for Out of Office in 2007 and 2010 (this is changed behavior from 2003).
As per RFC 2298 Message Disposition Notification (MDN) messages should be sent with blank sender. The OOF reply messages are an MDN. – this is to help prevent looping
Also 5321 –4.5.5 deals with messages that should not be looped
The issue is that some anti-spam products will block sending out messages with blank return path.
There is some guidance as to how to deal with those messages here: (specifically base the rule to allow from the internal subnet if the From field is correct)