The problem was trying to accomodate users who are not on the local network and who do not have static IP's .... pop-before-smtp is really what I needed and now that I've kinda given up on the hokey workarounds I was using, it seems like that is actually an option via Perl. Why it isn't part of the Postfix base package is kind of a mystery to me, tho. Seems like almost everyone is travelling all over with a laptop these days. Postfix is definitely fast. Mikey likes that part !
Since Postfix doesn't do POP at all, Postfix's including a hack like pop-before-smtp would be pretty tough.
The real thing is to use a supported authentication method. However, they seem to be moderately difficult to implement, since they are a compile-time option with Postfix, etc. Once implemented, both on the client and the server, however, they are user-transparent.
Because I have a relatively small number of traveling users, and they are tech-savvy, I use a home-brew combination of split-horizon DNS and SSH tunnelling to provide remote access. The advantage to this method is that I can allow out-of-LAN access to a number of otherwise local services. The disadvantage is that the user has to affirmatively put his machine into "traveling" mode when he leaves the LAN, and put it back into "local" mode when he returns.