Mark Constable writes:
> I don't have a multiple real certs to test this on a courier-mta server
> atm. Do you think that just using esmtpd.pem.xx.xx.xx.xx would provide
> enough header tinkering so that an SPF record for domain1.com would pass
> SPF on the receivers mailserver?
> If not, is there any "magic" I can tap into to make sure a message from
> a virtual IP for a particular domain will pass SPF checking using it's
> own SPF record?
Various SPF implementations out there do not generally dig into the Received
headers. That would be a rather stupid exercise. The SPF implementations
typically look at the return address, maybe even the hostname the mail
server HELOs itself (Courier does that), and the sender's IP address.
So, for all the domains you're sending, all that needs to happen is that the
domain's SPF record includes in the IP address the mail gets sent from.
So, if you're sending mail with the return address of @example.com, just put
your IP address in the SPF record for example.com. That's it. If the
receipient also checks the hostname your server uses for its HELO, put the
IP address in the SPF cord for that hostname too. You're done.