James,
Something does not add up. Why is your Primary running in "Firewall" and the Secondary in "Stand alone"? Is there any other server AFTER the primary?
Could please confirm if the following image is correct:
Internet --> Primary --> Exchange
Internet --> Secondary --> Primary --> Exchange
If the above flow is correct, both should be in Firewall Mode and you can set the Message Retention period to a small value (let's say 10 days). In this case, Xeams will automatically delete messages after 10 days.