If you are getting a DSN back I would say that the IronMail is properly dealing with the 550 message, no matter what the text of it is. The SpamShield appears to be using callback verification (another term for callout verification). I don't know much about the process other than the recieving server will try a connection back to your MX record to veriy the sender is real.
Do you have BATV turned on? If so that may be breaking their side of things. Try whitelisting the recipient's IP addresses for BATV if that is on. That being said, I have found notes that many of the large implementers of callback verification caution against its use.
MEG will not support it in any different way, and there is no reason that it should.
I added the IP address that are using for outbound mail to our organization, whitelisted from "DNS Bounce Verification Protection", inbound rule.
Is that what you were suggesting?
The other organizaition seems to be using two addresses for their MX inbound mail, and a different address for outbound mail.
It's difficult to know what all of their outbound servers are, but I do see this one in the log:
... mailhost3.babcock.com:07032013 11:45:14|21|220.127.116.11-55282|1|102|DSN for spoofed message.|