Our primary MX record points to an external server which handles spam filtering, thereafter the mail is pushed to our internal mail server. The mail is never stored on the external server for longer than it takes to process the mail and deliver it to our internal server.
The current setup requires that we connect to our internal server to retrieve mail. The problem with this setup is that roaming users are unable to access their email if our internet connectivity at the office goes down. An alternative is to host all our mail externally, but this means that users in the office must be connected to the internet for the duration it takes to download and send all their mail, which will be significantly slower than if we had a mail server on the LAN handling the mail. Additionally, this setup would mean that even internal mail has to leave the network, which is terribly inefficient.
Are there any methods whereby we can have both our internal server and our external server hosting the mail, and depending on the DNS record (from within the office the DNS record will resolve to our internal server, and externally the record will resolve to our offsite mail server) our users will always be able to send and retrieve their mail? I.e., users should be able to use either of the two mail servers to retrieve their mail. I've given some thought to using IMAP in this situation, but would this not cause mail duplication when switching between servers?
The architecture is irrelevant. I'm looking for any solution, regardless of whether it's based on Exim, Exchange, or anything else that we can set up ourselves.
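The "depending on the DNS record" part of the question is split-horizon DNS: office clients resolve the mail hostname to the LAN server, everyone else gets the public address. The configuration below is an added example, not from anyone in this thread; it shows one way to do the office side with an Unbound resolver that overrides a single hostname, while the public authoritative zone keeps the external address. All names and addresses are assumed placeholders (`example.com`, `mail.example.com`, office LAN `192.168.10.0/24`, resolver `192.168.10.2`, internal mail server `192.168.10.5`, external mail server `203.0.113.10`).

```conf
# /etc/unbound/unbound.conf on the office resolver (added example, placeholder values).
# Clients on the LAN use this resolver; the public authoritative zone for
# example.com carries "mail.example.com. IN A 203.0.113.10" and is untouched.
server:
    interface: 192.168.10.2
    access-control: 192.168.10.0/24 allow    # only office clients may query
    access-control: 0.0.0.0/0 refuse         # never expose the override externally

    # Override only the mail hostname; everything else under example.com
    # is resolved normally via the public authoritative servers.
    local-zone: "mail.example.com." static
    local-data: "mail.example.com. 300 IN A 192.168.10.5"
    local-data-ptr: "192.168.10.5 mail.example.com"

    # Forward all other queries to the upstream resolver of your choice (placeholder).
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
```

To check the split is in effect, run `dig @192.168.10.2 mail.example.com A` from a LAN client and compare it with `dig @<public-resolver> mail.example.com A` from outside; the first should return `192.168.10.5`, the second `203.0.113.10`. Two practical caveats: both servers must present a TLS certificate valid for `mail.example.com`, or clients will raise certificate errors as they move between networks, and the short TTL (300 s above) matters because a laptop that cached the LAN address will keep trying the unreachable internal server until the record expires.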
There is no solution to your problem, as you have already refused every option. Only three options are available:
So why not go with the option with the least impact? I would choose 1), because how big is the risk of an Internet connection failure?
Why not just have your mail servers in your DMZ, or at least the Exchange server with the Client Access role? Then they'll traverse your internal network when they're in the office (assuming your routing and DNS are configured properly) and external clients will have access based on whatever firewall rules you have in place.
AFAIK, Microsoft's recommendation is to put Edge Transport and Client Access on the outside/DMZ, Hub Transport wherever you need it based on your infrastructure, and the Mailboxes on the trusted side of your firewall. This allows you to open whatever services you see fit to the outside while keeping your mail secure on the inside.
I'm not sure I understand. You say that the internal server is a requirement because it is faster (because it's on the LAN), but then you say that you want people to be able to access their email when the internal server is unreachable. You've kind of boxed yourself into a hole. You might want to look into off-site Exchange hosting. They might have a solution for the sort of thing you're looking for with some sort of replicating module you can run on an 'internal' server.