Hi, in the past few days I have been getting a lot of identical bounce messages where someone forged my address as the 'From:' field. These appear as messages in my inbox with 'Undelivered Mail Returned to Sender' as the 'subject' field and 'Mail Delivery System' (MAILER-DAEMON@<my-domain>) as the 'from' field, with a short body indicating nondelivery and the forged email attached.
I'm using the Zimbra webmail client (unknown version), and am trying to filter these messages out. I have tried filtering on the 'from' field, subject field (I don't care if this filters out all bounce messages, not just spam), the contents of the body or the contents of the attached message. None of these work.
What it looks like is that bounce messages from MAILER-DAEMON bypass the filters entirely. Is this the case? I'm guessing (but don't know) the backend server is also Zimbra and have no idea what settings it is using. I recognize the way to get these issues resolved is probably 'Contact your email server administrator,' but not being able to filter all inbox messages with the incoming message filters is counterintuitive behavior. Is this behavior intentional?