The first scenario looks like it could be handled easily by using an ADM rule and referencing an ADM Dictionary. Note that there is detailed information in the Help for setting up a Dictionary so I wont go into it here.
The first step would be to create the dictionary with specific keywords that you are interested in. Then in the Policy Editor create a new ADM rule. Then using an AND Clause, create an Expression Component using ObjectType Internet Mail Message Header. Then another Expression Component with the Term Object Content referencing the Dictionary. Then another component with Domain != yourdomain.com
The finished rule would look something like this in the Description box underneath the saved rule;
Signature: ((any objtype == [text/rfc822-headers]) && (any myDictionary[objcontent]) && (all smtp.domain != ["yourdomain.com"]))
If you want to add components for a possible attachement to the email you can add that too. For the second scenario you would still use the same ideas I have outlined for the first example. My recommendation with ADM and all Rule development is to progress in steps from a simple one line to more complex rules. This makes errror checking and troubleshooting much easier. Also you may want to check the current ADM rules for some ideas on how to construct your own rules.
Thanks for the reply. I previously setup a rule with similar conditions but we were getting many false positive due to addition of spam messages. Same goes with the rule with above conditions. Is there any setting where I can specifically mention a condition -> sender domain == our domain or receiver domain != our domain.?