Currently my MX is a server running SmarterMail Free, configured as an incoming gateway, and using Declude as its primary filtering mechanism. When SM calls Declude, it creates a .HDR file with summary information about the message, including Source IP, HELO name, and Reverse DNS name. I use these attributes in some of my Declude processing.
I would like to evaluate the cloud-based vendors, but I don't want to change the behavior of my existing SM+Declude filtering at all. This means that I want SM to look behind the cloud server systems, and put the prior server information into the HDR file.
The exact nature of the look-behind is a little hard to predict until I go further with one of the vendors, but I don't think SM can do anything close to this right now.
For example, if the cloud solution is Proofpoint, the look-behind rule should probably be:
"Skip prior received records if:
HELO or Reverse DNS name ends with pphosted.com, and a matching name is forward-confirmed to the Source IP
The Source IP is a private IP address"
This rule ensures that the Received skip only occurs if the message is verifiably from Proofpoint, while allowing for a variable number of hops within the Proofpoint environment, and recognizing that the intermediate hops may traverse systems using a Private IP address.
When the skip is invoked, the information passed to the .HDR file should become the values from the Source IP and HELO name from the first non-skipped Received header, plus the recalculated Reverse DNS host name.
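
The look-behind rule described above, sketched as an added example that is not part of the original post and is not SmarterMail or Declude code. Assumptions: Received headers follow the simplified "from HELO (rDNS [IP])" shape, "private" means RFC 1918, either listed condition triggers a skip, and DNS lookups are injected as functions so the sample runs offline; all function names and sample hosts are hypothetical.

```python
import ipaddress
import re

# Assumed header shape: "from <helo> (<rdns> [<ip>]) by ..."; real MTAs vary.
RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)")
# Assumption: "private IP address" in the rule means the RFC 1918 ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_domain(name, suffix):
    # Compare on a label boundary so "evilpphosted.com" does not match "pphosted.com".
    name = name.lower().rstrip(".")
    return name == suffix or name.endswith("." + suffix)

def should_skip(hop, suffix, resolve_a):
    addr = ipaddress.ip_address(hop["ip"])
    if any(addr in net for net in PRIVATE_NETS):
        return True
    # Forward confirmation: a vendor-domain name must resolve back to the source IP.
    names = {hop["helo"], hop["rdns"]}
    return any(in_domain(n, suffix) and hop["ip"] in resolve_a(n) for n in names)

def effective_hop(received, suffix, resolve_a, resolve_ptr):
    """received: Received header values, newest first. Returns the .HDR-style fields."""
    for value in received:
        m = RECEIVED_RE.search(value)
        if m is None:
            return None  # unparseable hop: do not trust anything further back
        hop = m.groupdict()
        if not should_skip(hop, suffix, resolve_a):
            # First non-skipped hop: keep its IP and HELO, recalculate the reverse DNS name.
            return {"ip": hop["ip"], "helo": hop["helo"], "rdns": resolve_ptr(hop["ip"])}
    return None  # every hop was skipped

# Constructed sample data (documentation IP ranges, made-up host names).
A_RECORDS = {"mx0a.pphosted.com": {"198.51.100.10"}, "mail.pphosted.com": {"198.51.100.99"}}
PTR_RECORDS = {"203.0.113.25": "mail.sender.example", "192.0.2.66": "host66.isp.example"}
sample_a = lambda name: A_RECORDS.get(name.lower(), set())
sample_ptr = lambda ip: PTR_RECORDS.get(ip, "")

VIA_CLOUD = [
    "from mx0a.pphosted.com (mx0a.pphosted.com [198.51.100.10]) by mx.example.org",
    "from relay.internal (unknown [10.1.2.3]) by mx0a.pphosted.com",
    "from mail.sender.example (mail.sender.example [203.0.113.25]) by relay.internal",
]
SPOOFED = [  # HELO claims the vendor domain but does not forward-confirm to the source IP
    "from mail.pphosted.com (unknown [192.0.2.66]) by mx.example.org",
    "from mx0a.pphosted.com (mx0a.pphosted.com [198.51.100.10]) by nowhere.example",
]
```

The walk stops at the first hop that fails the rule, so a sender that merely claims a pphosted.com HELO is reported as the source itself and the Received lines beneath it are never consulted.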