Add the procmail rpm if not already done. Add the following line to the bottom of your sendmail.mc file (or move the dnl to the right if one is already there. When done, type make all and then restart the sendmail service. Modify the /etc/procmailrc file to suit.
Do a man procmail for an example of filtering on a subject line.
I would also suggest adding the clamav milter and the spamassassin milter, but I prefer the clamav rpm from atrpms.net (the only package I pull from there) as it is usually more up to date than the distributed packages.
You can also use procmail to delete or quarantine all e-mails with particular suffixes in attachments (or any e-mail with a double suffix (.htm.bat) or similar. It's pretty handy. Each user can set up their own procmailrc script home/*/.procmailrc and add their own rules in addition to the site wide rules.
After clamav and spamassassin have gotten through with things and added headers with rules that they hit, you can severely drop the amount of spam that gets through with some additional procmail rules. Any RBL_ hit or FORGED_ hit or SPF_FAIL hit to name a few from spamassassin can be immediately routed to the bit bucket. They can also be stored in a separate archival directory for awhile in case the user really wants that russian casino email routed through china, et cetera.
In addition to the above spamassassin rulesets I mentioned, my own procmail file has pretty much any rule hit with a OBFU or PORN_, DRUGS_, SPOOF_, SARE_, STOCK_, or FUZZY_. Around 300 altogether. That, combined with a whitelist of people who can bypass the rules, pretty much cleans up my real inbox. The rulesemporium.org site has a wide range of additional rules that have been contributed that detect many other forms of SPAM.