It's getting too late for me to think, to be honest, but maybe an ACL stopping traffic to certain ports from going over the VPN? Is the local DNS record right for the mail server? I haven't played with DNS for a while so I can't remember the fine details.
It could be that. Have I mentioned that I fucking hate Cisco?
DNS used to have additional settings about master etc in Windows Server - isn't that still the case?
I think, if I understand what you're asking correctly. It has zones, and you tell it what server controls each zone.
Yes, that's one thing, but can't you specify a hierarchy of servers depending on which site you're in? I'm confused now, sorry :(