Am 10. September 2015 23:13:59 MESZ, schrieb Mick <debacle...@rs432.net>: >On 10/09/2015 21:13, Wietse Venema wrote: >> Mick: >>> Hi, >>> >>> I'm trialling DMARC to two of my domains. On checking the results >when >>> posting from the secondary domain I receive 'SPF Domain Alignment >Result >>> = FAIL'. I think this is because postfix always says HELO with the >>> primary domain name, which is obviously different to the secondary. >Is >>> there a way to rewrite the message envelope to say HELO using the >same >>> domain used in the from field? >> I suspect that the problem is that the SMTP client IP address no >> not match the SPF rule. >> >> You may want to set up sender_dependent_default_transport to use >> different Postfix SMTP clients depending on the envelope sender >> email address, with "-o smtp_bind_address" settings in master.cf >> for the proper client IP address. >Hi Wietse, > >I only have 1 IP address (2 if you count the IPv6 address). A reverse >DNS lookup will always find my primary domain so even if I used >'sender_dependent_default_transport' and set up multiple switches just >to change HELO name, they still have to point to the same IP. If >reverse DNS was then carried out, secondary domain provided in the HELO > >would not match and mail could be rejected. Think I'm stuffed without >additional IPv4s, but at least I know why.
Your setup should work. I have a similar setup with 5 domains of which the one that holds the helo-name of my Mailserver is not my primary maildomain... and that works well with spf dkim and dmarc. When searching for your error message it seems that maybe your envelope and from aren't aligned, this could be checked on spf test websites that analyse your setup after you send them an email to a special one-time address. Have you had a look at the spf rfc 7208? Regards Christian >Thanks for your advice. > >Mick. > > >> >> Wietse >>
