Mark Constable writes:
>
> I don't have a multiple real certs to test this on a courier-mta server
> atm. Do you think that just using esmtpd.pem.xx.xx.xx.xx would provide
> enough header tinkering so that an SPF record for domain1.com would pass
> SPF on the receivers mailserver?
>
> If not, is there any "magic" I can tap into to make sure a message from
> a virtual IP for a particular domain will pass SPF checking using it's
> own SPF record?

Various SPF implementations out there do not generally dig into the Received  
headers. That would be a rather stupid exercise. The SPF implementations  
typically look at the return address, maybe even the hostname the mail  
server HELOs itself (Courier does that), and the sender's IP address.

So, for all the domains you're sending, all that needs to happen is that the  
domain's SPF record includes in the IP address the mail gets sent from.

So, if you're sending mail with the return address of @example.com, just put  
your IP address in the SPF record for example.com. That's it. If the  
receipient also checks the hostname your server uses for its HELO, put the  
IP address in the SPF cord for that hostname too. You're done.