For a private client, I just set up a little script.
Instead of running errors to mailx, I created text files and did an su -c mailman "/usr/contrib/bin/mailout"
The script just sends an email with an ascii attatchment.
Since you already had mail coming off the server, you're in good shape and need not check /etc/nsswitch.conf and dns configuration.
It's annoying, but thats the way it goes.
Our smtp server won't forward mail that where it can't authenticate the DNS as a valid domain on the public internet. Our servers fully qualified domain names are not registered, specifically so if theres a firewall failure, theres still no way for anyone to mailbomb us.
As stated by others, your security people went over the top.
Email the error logs to upper management, or if you have a help desk, open a help desk call for every failed email, they won't be able to resolve the call without easing up on the security.
If your help desk is like ours, their batting average(average time from call to resolution) will quickly fall, and you will gain allies in your fight.
Steve
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
