I believe you could whitelist their server addresses, and add the IP ranges above and below to the blacklist. That should be sufficient on that front.
As to ensuring your server is utilizing SSL/TLS for SMTP, you'll need to have/perform the following:
- SSL certificate bound to your server's host name or domain name (wildcard)
- SSL certificate bound to SMTP port definition in SM.
- "Use TLS if supported by the remote server" enabled under Protocol Settings>SMTP card.
- Standard SMTP disabled
This will force the server to utilize a TLS encrypted connection when communicating with outside servers. Now, if one of the spam servers ever tries to relay mail to your server while NOT using a TLS connection - the relay attempt will be dropped due to the lack of security.
I'll double check the locations in my SM install this afternoon and follow up with some better instructions for you.
Kyle Kerst Cameron Solutions LLC www.cameron-solutions.com
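
An added example, not part of the original reply or of SmarterMail: one way to check from outside that the settings listed above really refuse mail over an unencrypted session. It assumes the server answers a cleartext `MAIL FROM` with reply code 530, as RFC 3207 specifies when STARTTLS is required; the function names, the probe address and the sample EHLO reply are constructed for illustration.

```python
import smtplib

# Constructed sample of a raw EHLO reply, e.g. copied from a session log.
SAMPLE_EHLO = ("250-mail.example.test Hello\r\n"
               "250-SIZE 31457280\r\n"
               "250-STARTTLS\r\n"
               "250 OK\r\n")

def parse_ehlo(reply: str) -> set:
    """Return the ESMTP extension keywords from a multi-line 250 EHLO reply."""
    keywords = set()
    for line in reply.splitlines()[1:]:      # first line is the greeting/domain
        parts = line[4:].split()
        if line[:3] == "250" and parts:
            keywords.add(parts[0].upper())
    return keywords

def classify(keywords: set, mail_code: int) -> str:
    """Judge TLS posture from EHLO keywords and the reply code to a
    MAIL FROM that was sent before any STARTTLS."""
    if "STARTTLS" not in keywords:
        return "no-tls-offered"
    if mail_code == 530:                     # RFC 3207: must issue STARTTLS first
        return "tls-enforced"
    if 200 <= mail_code < 300:               # cleartext envelope was accepted
        return "tls-optional"
    return "inconclusive"

def probe(host: str, port: int = 25, timeout: float = 10.0) -> str:
    """Live check against your own server: EHLO, then MAIL FROM in cleartext."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        keywords = {k.upper() for k in s.esmtp_features}
        code, _ = s.mail("probe@example.invalid")   # placeholder sender
        return classify(keywords, code)

if __name__ == "__main__":
    # Offline demonstration on the constructed sample only.
    kw = parse_ehlo(SAMPLE_EHLO)
    print(sorted(kw), classify(kw, 530), classify(kw, 250))
```

A result of `tls-optional` means the server advertises STARTTLS but still accepts a cleartext sender, so the non-TLS relay attempts described above would not be dropped.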