> I've got an issue where users off-campus who are doing authenticated
> SMTP/TLS from home networks are having their mail hit by the PBL. I
> have trusted_networks set to include the incoming relay, but still the
> PBL hits it as follows:
>
I mentioned in a direct email (as my BlackBerry won't make it to the list). Use submission port (587 rfc) and only allow authentication over this port. Set your MTA not to do any type of checks with mail coming in from this one. On Postfix, it's a simple config in the master.cf file. This is secure enough and will accomplish what you want with very little headache. In fact, it's better because now you don't have to worry about any SA overhead for outgoing email. Everyone authenticates against this, and no worries about zombie machines, etc., because it will require a password either way.
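
A sketch of the kind of master.cf entry the reply describes, added here as an example and not part of the original post. The file path and the way SpamAssassin is attached (a global `content_filter` or `smtpd_milters` setting in main.cf) are assumptions.

```conf
# /etc/postfix/master.cf  (path assumed; added example, not from the post)
#
# Submission service on port 587: TLS and SASL authentication are required
# before any mail is accepted.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
# AUTH is enabled here only. Leaving smtpd_sasl_auth_enable at its default
# (no) in main.cf keeps port 25 from offering authentication at all.
  -o smtpd_sasl_auth_enable=yes
# Accept authenticated clients, reject everyone else, so this port cannot
# be used without a password.
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# Assumption: SpamAssassin is reached through a global content_filter or
# smtpd_milters setting in main.cf. The empty values below turn it off for
# this service only; mail arriving on port 25 is still scanned.
  -o content_filter=
  -o smtpd_milters=
```

Because authenticated mail entering on 587 never reaches the filter, the PBL lookup against the user's home address is not run for it.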