Paranoid mail servers

Our school mail server is particularly paranoid. Whenever I am on campus, I have to use it as my smarthost, but it won't relay messages unless my From: has the school's domain. However, when I am _outside_ the campus, it refuses to accept mail from me if I use that as my From:. I've been trying to figure out how to set up a tunnel to an SMTP-AUTHable server outside (managed by a friend, yippee), but the host in the DMZ doesn't allow me to use public key authentication for SSH. I tried writing an expect script to set up the tunnel, but I'm getting hopelessly lost. To wit: expect either kills the SSH tunnel as soon as the script ends, or doesn't allow me to kill it because the program doesn't process the EOF sent by expect when it in turn is killed.

Argh.