Paranoid mail servers

Our school mail server is particularly paranoid. Whenever I am on
campus, I have to use it as my smarthost, but it won’t relay messages
unless my From: has the school’s domain. However, when I am _outside_
the campus, it refuses to accept mail from me if I use that as my
From:. I’ve been trying to figure out how to set up a tunnel to an
SMTP-AUTHable server outside (managed by a friend, yippee), but the
host in the DMZ doesn’t allow me to use public key authentication for
SSH. I tried writing an expect script to set up the tunnel, but I’m
getting hopelessly lost. To wit: expect either kills the SSH tunnel as
soon as the script ends, or doesn’t allow me to kill it because the
program doesn’t process the EOF sent by expect when it in turn is
killed.

Argh.