But it's a headache because it's a deny-all/allow-some setup. No outbound traffic on 25 (smtp), 143 (imap), 465 (smtps), 993 (imaps), and 995 (pop3s). You can use non-secure POP3, but no outbound mail, no IMAP, and nothing secure.
So that brings me here, to tools like ProxyTunnel and OpenVPN, both of which will route traffic through an HTTP proxy. It looks like I'll need a TUN/TAP driver for OS X too. There also appears to be a nice little GUI front-end for OpenVPN. Ideally, there'd be an apache plugin I could connect to through my own secure web server. But so far, it looks like I'm going to claim my second IP from Speakeasy, bind it as an aliased address on b5's external interface, and run the OpenVPN server out of there.