Well, that is the price of outsourcing! ;-*
SMTPAuth might have a public key type of authentication, I don't know. Even then you have to drop the private key somewhere in the server.
What about giving up the external mail relay and adding the Moodle server to the SPF of the domain Moodle is sending mails on behalf of?