You need to modify your web based code to use SMTP authentication, using an account on your SmarterMail server, to send these messages now. This is easily accomplished with CDOSYS (remembering that CDONTS was depreciated several years ago)
As you stated, whitelisting is a solution but is not a good solution as anything that originates on that IP address will be allowed through the MX server.
I worked on a case with a village in a European city (which shall remain unnamed to protect the poor Village manager who caused the problem in the first place), three years ago, when a web server IP address which had been compromised was whitelisted. They had a sales tool on the server, but it was not compromised.
The Village manager's daughter had her beauty shop website, which was written in PHP, running on the township's server (illegally), and someone had hacked her site. The hacked PHP code was sending out more than 100,000 spam messages per hour through SmarterMail, on a whitelisted IP address.
I worked on that issue for more than a day, finally, and against the wishes of the Village manager, shutting down IIS (he had steadfastly refused to allow me to do so for the first 23 hours). When I shut down IIS, all of the rough messages stopped.
I then restarted IIS, and disabled all the sites, enabling them, one at a time, until we found the corrupted site. Had he allowed me to disable the IIS - to check for compromise, in the beginning, we would have saved countless hours and they Village would have saved almost $2,000.
If you need some sample code, feel free to contact me off-list.
Phonr: (773) 491-9019
Phone: (224) 444-0169
E-Mail and DNS Security Specialist
Network Security Specialist
Customer Service Portal: https://portal.chicagonettech.com
Security Blog: http://networkbastion.blogspot.com/
Web and E-Mail Hosting, E-Mail Security and Consulting