[exim] Help needed to configure domain

Hi All,

I have a huge problem configuring the following scenario:

I have a server with an ISP-like configuration. Several domains exist on
it. It is administered with DirectAdmin. There is a domain on the
server, say abc.com, that gives an issue. It has a domain pointer/alias
xyz.com. The domain owner decided to use an external mailscanner
(IronPort) to prevent excessive spamming. Since there are only mail
adresses for the abc.com domain and not for xyz.com, its abc.com's MX
record is changed to send everything to that filter, and it routes the
filtered mail back to my server.

Now the following happens: some spammers send mail to my server based on
the A record of the server, so the spamfilter gets skipped. Also, all
mail to the alias xyz.com still arrives in the client's mailbox since
that MX record cannot be redirected to the spamfilter ($$).

Basically, what I need is to check for both domains whether the IP
address where the mail comes from is within the IronPort range of
89.146.30.0/29 (255.255.255.224), and reject anything else. But then,
only for these domains; all other domains should not be affected.
DirectAdmin uses regular unix useraccounts for each domain, so I guess I
could be using a solution on a per-user base?

Any help is appreciated, I searched config options for a day now but
can't find anything that helps me in the right direction.

TIA, MarcoO