Alex:
> Hi,
> I have a multi-instance postfix config and am trying to figure out why
> Microsoft 365 is marking my email from the outbound instance as SPF
> softfail.
>
> I am trying to send mail from my gmail account to the multi-instance
> postfix system through to my Microsoft 365 account, where I've set up
> mail filters to accept mail from all postfix instances without
> blocking or filtering. All IPs involved are listed in the SPF record
> for the domain:
>
> example.org. 978 IN TXT "v=spf1
> ip4:209.222.90.0/24 include:spf.protection.outlook.com -all"
>
> There are two MX records set for this domain - relay1.example.com
> (209.222.90.118) and relay2.example.com (209.222.90.113). I believe
> the problem is that mail is leaving through the postfix-out instance
> (209.222.90.109), and although all IPs are listed in the SPF record,
> it appears Microsoft doesn't like that it's not being sent from the
> same IP as it was received?
Random guess: what name does the MTA send in the EHLO command, and
does that name match the IP address? The EHLO is not visible in the
email headers that you included.
Wietse
