Thanks for clarifying how ns_sendmail interacts with the MTA, Andrew. Obviously I didn't understand something basic.
Given your success with postfix, Bob, I'm going to persevere with exim. Maybe the fact that exim has been running from /etc/inetd.conf and not as a daemon is the problem. (I've gotta figure out why Debian installed it that way this last time.)
Interesting point about tcp_wrappers, Jun, though I'm not doing that.
Thanks for all the helpful comments!!