>The messages are failing various tests, but the problem is because the >message appears to have come "From:" one of my users e-mail addresses >the bounce is getting delivered to my users mailbox.
That's exactly why you shouldn't be using the BOUNCE action for that E-mail. It will go to an innocent victim, not the person that sent the E-mail. You should only use the BOUNCE action for tests where there is a good chance that the sender is valid (IE the REVDNS test, where there's about a 50-50 chance that the E-mail came from a legitimate source). >Is there a test that can catch "$domain" exclusively? With the latest beta, you can use the new filtering system with a file that has a line like this in it: HELO 5 CONTAINS $domain -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .