> Looking at the headers above, if the SPF record for customer.com does
> not allow mail to come from 84.152.113.90, then the check will fail.
OK, but how can people ever send e-mail then? That server is very alone
somewhere in a dark room, seeing no daylight until the end of his life.
Hard to imagine anybody going there directly to send some mail.
ATM, I use pop-before-smtp to authenticate users, afterwards allowing
them to send. It's working, but if that SPF check truly has to fail, it
would mean it has to fail on all mail sent over my server (nearly all
domains have strict SPF). I looked at some messages, none has that
check failing (even from that customer).
I may be way off here, but it seems odd that either Postfix or SA is
treating the originating IP as an address to check against the SPF records.
I use Sendmail, with SMTP-AUTH, and the mail I send to users on the same
server does not trigger the SPF rules in SA even when the originating IP was
not specified in the SPF record. You might try using SMTP-AUTH instead of
(or alongside) POP-before-SMTP to see if it corrects the issue, as long as
your users' mail clients will support it (and if their client doesn't
support it, make them get a better mail client).
