[DMRDave]

Kinda fun having a conversation with myself online. But I digress...

Following up, removing the MX record wasn't a good idea because of the obvious reason that I need a valid MX record for this relay server to talk to the real world and deliver mail for customers. So what I've done at this point is to close port 25 access from the outside world to the relay server on our firewall. That way, any message bound for my the secondary MX record server (20) inbound from outside servers never gets to it's intended target, and messages are now coming through to my production server. Spam volume has decreased dramatically.

However, I'm still open to any suggestions as to DNS MX configuration in a multi-server environment for such a scenario (greylisting, relay, etc.)