Hi,
one way that comes to my mind to accomplish this is to
- give the Spam Firewall 2 ip addresses (like 192.168.2.210 and 192.168.2.217)
- change the 2 NAT entries on the pix to
x.x.x.68 <-> 192.168.2.210
x.x.x.68 <-> 192.168.2.217
- and configure the Spam Firewall to forward the email to the appropriate exchange server.
The way to give the Spam Firewall only one internal ip address and then let both NAT entries on the pix point to that one wouldn't work as far as I know. Because in his case the way back to the internet isn't clear.
HTH
Mark