> But that would be just the connection IP which the SMG can't see, right?
Yes
> The bad IP is still visible in the msg received headers alongwith my provider's IP address.
> Can't the SMG be able to scan that part and match it to the RBL.
Based on my knowledge its not possible. As 3rd party RBLs, as global bad senders are on the (i call it) firewall-level and therefore can reject the connection there's no way to tell smg to check the headers. Its only possible at content rules, but by that you must have already have accepted the mail and there are no RBLs to check against.
> Also I have been adding lot of blacklisted IPs from the msg headers to the local bad senders list, will that work?
No
> As for the decision of the deployment it's been so ever since, the response I get is "because we can't run our own MX server" something like that, I don't know what that even means.
... you do run your own smtp server, your smg, which then transfers the mails to your mail-bakcend. The mx record gets the sender to the right destination - in your case currently pointing to the provider. They have to store and forward all your mail (and probably will get some money for that). If you tell your provider to change the ip-address in the mx-record to point to the official ip-address of your smg your almost done. Just take care of spf, helo fqdn, ptr of your smgs-ip etc
Thomas