I'm trying to come up with how I would allow my customers to send mail through our SMTP server from their local client (i.e. outlook express) without opening a nice big whole for spammers to send.

Any insight?

Qmail with vpopmail and remote users flag turned on.

I don't like or use sendmail, so I can't really offer what you can do if you use it.

This will let your users authenticate and stay for however long your crontab is setup.

Works fairly well and doesn't permit non-customers to send email through you.

Cya,
Cloak

You can either give pop-before-smtp or smtp-autentication.

pop-before-smtp meens that your clients authenticate to your pop server and when the try to connect to smtp, that server looks at the pop auth.

smtp authentication simply meens they use a password to send mail.

I'd use postfix for the smtp daemon.