Hello,
First of all, what program are you using? Is this the mail security appliance or SMTP5 or Brightmail 6?
Your best bet within the program is to use compliance filtering. You have to make sure that you are filtering on the proper part of the message, i.e. message body or header. We have some people who are able to install an upstream device to just do header checks and some low-level regex filtering to clear some of these up, but this is a fairly advanced implementation.
As possible assistance to you, the list below seems to block the majority of these NDRs. Please note that this is by no means a complete list and is not to be used as gospel and is not technically "supported" by Symantec. This is just something that may help in blocking the NDRs for that user.
Another note is that Symantec is always looking for better ways to block "backscatter" or invalid NDR messages. Generally this is done by content in the body or blocking of connecting IPs. So you should continue to see the program do better on this front in the future.
I hope it helps.
/^From: Mail Delivery Subsystem <MAILER-DAEMON
/failure notice
/Warning: could not send
/Returned mail
/Mail delivery failed
/Undelivered Mail Returned to Sender
/Mail System Error
/Undeliverable Mail
/Delivery Status Notification
/Delivery reports about your e?mail
/Delivery failure
/Undeliverable
/Unable to deliver your message
/mailer-daemon
/message undelivered
/undelivered mail
/unable to process your message
/Your e?mail did not reach the intended
/Your Message Could Not Be Delivered
/Warning:.*?User unknown
/Message status*undeliverable
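
The point above about filtering on the proper part of the message, shown as an added example that is not part of the original post and not Symantec's filter: a subset of the listed patterns is applied either to the From and Subject headers or to the body of two constructed messages. The function names, the sample messages and the case-insensitive matching are assumptions of this example.

```python
import re
from email import message_from_string

# A subset of the patterns listed above, without the leading "/" delimiter.
# Case-insensitive matching is an assumption of this example.
PATTERNS = [re.compile(p, re.I) for p in (
    r"^From: Mail Delivery Subsystem <MAILER-DAEMON",
    r"failure notice",
    r"Returned mail",
    r"Mail delivery failed",
    r"Delivery Status Notification",
    r"Warning:.*?User unknown",
    r"mailer-daemon",
    r"Undeliverable",
)]

def first_hit(text):
    """Return the first pattern that matches any line of text, else None."""
    for line in text.splitlines():
        for pat in PATTERNS:
            if pat.search(line):
                return pat.pattern
    return None

def ndr_match(raw, scope="header"):
    """Check only From/Subject (scope='header') or only the body (scope='body')."""
    msg = message_from_string(raw)
    if scope == "header":
        text = "\n".join(f"{h}: {msg.get(h, '')}" for h in ("From", "Subject"))
    else:
        text = msg.get_payload()  # constructed samples are single-part text
    hit = first_hit(text)
    return (scope, hit) if hit else None

# Constructed sample messages (hypothetical, not real traffic).
BOUNCE = (
    "From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>\n"
    "Subject: Returned mail: see transcript for details\n"
    "\n"
    "The original message was received from an unknown sender.\n"
)
LEGIT = (
    "From: Alice <alice@example.org>\n"
    "Subject: Question about last week's invoice\n"
    "\n"
    "My first attempt came back as undeliverable, so I am resending.\n"
)
```

With header scope the constructed bounce matches and the ordinary mail does not; with body scope the ordinary mail is caught because its text mentions "undeliverable".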