There is a temporary block on port 25 on the Webmin/Virtualmin server I have set up. As the block is only temporary I’d rather avoid going through each domains DNS records individually and adding the records most relay services seem to require for authentication.
Any recommendations of a good relay that can be authenticated using the hosts master DNS zone file alone as verification, or another method that doesn’t require individual domain authentication, multiple SASLAUTH records, etc but still has a good delivery quality?
You kinda have to, assuming you have SPF setup.
But it’s a simple thing to do via cli f.ex.
I could also help you if needed, as I have an external mail setup with filtering running for myself and my clients.
I have offered a way forward by which you would not need to change DNS records for authentication. As for the rest, SFP and DKMI are entirely optional as per RFCs and if Google or Yahoo or Microsoft require them to be in place to receive mail then that’s a policy issue, not a technical limitation. The rest of the net should be able to exchange mail with your domains even without SPF and DKIM.