A few things:
1 - I think you just copied and pasted the HTML content, including buttons and pull down menus - some of that output makes it difficult to understand the actual filter settings. i usually ask people to send either a screen shot, or send the output from the "outgoing / incoming content filters screen" with the "rules" view selected. mine looks like:
2 - I don't know if your second condition will ever be met:
'^FW:$'.
Instead, I would use something like '^(i?)FW:$' (and I would even add '^(i?)RE:$' too). Here's what mine looks like:
empty_subject: if (subject == "^(?i)FW:$") OR (subject == "^(?i)RE:$") OR subject == ("^$")) { alt-rcpt-to ("awurster@ironport.lab"); }
the only reason I can think of this not working are: A) the sender / recipient is placed in the wrong outgoing mail policy or B) there is a content filter matched before hand that is bypassing this one. perhaps you could send in your mail_logs from a test message for debugging?
thanks!
andrew
Here's a snippet from my own test using that filter:
Thu Jul 23 16:56:30 2009 Info: MID 72 Subject 'fw:'
Thu Jul 23 16:56:30 2009 Info: MID 72 ready 485 bytes from
Thu Jul 23 16:56:30 2009 Info: MID 72 matched all recipients for per-recipient policy DEFAULT in the outbound table
Thu Jul 23 16:56:30 2009 Info: ICID 40 close
Thu Jul 23 16:56:30 2009 Info: MID 72 interim verdict using engine: CASE spam negative
Thu Jul 23 16:56:30 2009 Info: MID 72 using engine: CASE spam negative
Thu Jul 23 16:56:30 2009 Info: MID 72 interim AV verdict using McAfee CLEAN
Thu Jul 23 16:56:30 2009 Info: MID 72 interim AV verdict using Sophos CLEAN
Thu Jul 23 16:56:30 2009 Info: MID 72 antivirus negative
Thu Jul 23 16:56:30 2009 Info: MID 72 rewritten to MID 73 by alt-rcpt-to-filter filter 'empty_subject'
