Flexible mail-relay protection

["Matthias Hovestadt" <maho@uni-paderborn.de>]

Hello!

Due to countless spam-attacks, we switched off mail-relay
in our university. Following to this, we only accept SMTP
connections, if the recepient of the email is located
inside the university.

The huge disadvantage of this is the fact, that members of
our university can't use our server for their outgoing mail,
if the connect from outside.

Is it possible to solve this problem? Is there any possibility
of a more flexible mail-relay protection?

My first idea was to use password protected smtp-sessions,
e.g. with MS Outlook Express. The user from the outside would
authenticate himself with his password and the server accepts
any mail from this user during this session.
Unfortunately zmailer doesn't support password protected
smtp-sessions right now...

Another way would be, that the user first checks for new mail
using the pop3- or imap4-protocol. The pop3- or imap4-server
stores the date/time and ip-adress of the connected server in
a list. After he checked for new mail, he sends his outgoing
mail. zmailer looks up for the users ip in the list. If the
ip-adress is found and the pop3-/imap4-connection was within
the last two or three minutes, zmailer accepts all mail from
this user during this smtp-session...

My last idea was using PGP. Before sending his mail, the user
has to sign every mail with his private key. zmailer accepts
every mail from the user, but before delivering it to the
outside, zmailer validates the signed mail with the user's
public key.

I don't know, if my ideas are realistic or easy to implement.
They are just the thoughts of a non-zmailer-expert who wants
to offer a little more service to his users...

I would really like to know, how you are solving my problem...

Replies are welcome... :-)

Greetings,
Matthias