The following guide will create a rule to filter direct delivery spam using Mac's Mail application. This technique should be used only when you are unable to implement protection against direct delivery attacks at the firewall or server level.
This rule works because real email will always pass through MX Guarddog, only spam that is delivered directly to your server will be filtered.
Create a new filter with the following values.
When adding the 2nd condition, we need to filter on Received. Received will probably not show that as an option, you can add it by selecting Edit header list... and adding Received to the list.
You can now complete the conditions using the following values:
If you have other domains on your sever, create additional conditions like the 3rd condition and add as many domains as you have on your email server.
Under perform the following actions, choose to Move Message to a mailbox of your choosing. Here we are moving the messages to the junk folder.
With your new rule in place Mail will move any incoming messages, which did not pass through MX Gurddog into the mailbox you have specified.