I have been given a problem. I have two domains one of which processes sensitive information (employee details, appraisals, and some commercially sensitive information). The other domain is to provide a general purpose working environment.
The problem arises when allowing email between the two domains. Email from the general purpose domain can be passed without problem to the sensitive domain. In the other direction however I need to configure something to drop any attachments that may be included and also to check the subject line for some text. The text will read something like "No private or commercially sensitive information has been included in this email." the purpose of this is to move liability for the unauthorised release of information to the sender of the email.
My first thought was to configure an Exim server as a relay, only accepting email for the relevant domains. How easy would it be to get it to drop attachments going from sensitive to general purpose? Also how difficult would it be to get it to inspect the subject line of emails and drop anything not matching the above text?
Is there an easier way of achieving the above goals? As I said above my first thoughts were of a mail relay server. I am open to any suggestions though.

Many thanks.