Hi Christian,
Hi Wietse,
I only have 1 IP address (2 if you count the IPv6 address). A reverse
DNS lookup will always find my primary domain so even if I used
'sender_dependent_default_transport' and set up multiple switches just
to change HELO name, they still have to point to the same IP. If
reverse DNS was then carried out, secondary domain provided in the HELO
would not match and mail could be rejected. Think I'm stuffed without
additional IPv4s, but at least I know why.
Your setup should work. I have a similar setup with 5 domains of which the one
that holds the helo-name of my Mailserver is not my primary maildomain... and
that works well with spf dkim and dmarc.
When searching for your error message it seems that maybe your envelope and
from aren't aligned, this could be checked on spf test websites that analyse
your setup after you send them an email to a special one-time address.
Thank you very much indeed for your help. As a result I re-checked my
configuration and found you were spot on, the culprit being postsrsd.
The very thing I added to allow forwarding without breaking SPF / DMARC
appends the From field to the primary domain regardless of the domain
the message comes from. I've withdrawn postsrsd for now while I look
into a possibility of work around or something to replace it.
Have you had a look at the spf rfc 7208?
Yes. It's a good document. I'm more a pragmatist than theorist so always
appreciate examples which rfc7208 provides plenty.
Best regards,
Mick.
Regards
Christian
Thanks for your advice.
Mick.
Wietse
