I missed the "message id" ... You should be able to match/block any valid header name.
Add it to, or replace, what's in the match -- up to you. Personally, I've never received a valid email from 'anything' @qq.com. YMMV. If you're shutting down a flood, more extreme, blunt-instrument measures @ the firewall (e.g. GeoIP blocking) can be put in place.