Jason Pyeron wrote:
I'd expect the most common case to be mail user agents that have to be specifically configured for the forwarding SMTP server anyway.
In fact, most are default configurations. An engineer will up a (VM) image, give it some tasks to do (temp website, software builds, experimental config, etc.) and the data/logs are emailed to him when done.
You might be able to handle these scenarios by providing a different internal-only DNS domain that you configure your mail server to accept in addition to the current domain. Then anyone who wants to skip the spam scan can use a target mail address with the internal name.
What else do you have sending a lot of internal mail?
Think about things like logwatch, cron, at, etc., but not always on Linux. This will get forwarded to support or a specific engineer.
Or are these laptops that may or may not have direct access to the internal server?
That is one of our use cases, exactly, and that is where this mail will come from.
This one is harder - maybe even impossible to get completely right if you count the case where you set up temporary VPN access to reach the internal target from a LAN where you also need to maintain similar private DNS mapping, for example to access a local printer.