I have a problem with MailEnable and I'm not sure whether it is a MailEnable, SPF, or NAT problem.
So we have a firewall that is NATing local IPs 192.168.10.x to some public ones, let's just say for the sake of argument 1.1.1.x.
So the APP server has IP 192.168.10.11 and it is NATed to 126.96.36.199; the MAIL server has IP 192.168.10.10 and it is NATed to 188.8.131.52.
The application server is sending mail through the internal network 192.168.10.x. SMTP on MailEnable is receiving email on the local IP and is sending outside with public IP 184.108.40.206.
This has been working just fine for years. Now they want to implement an SPF record on their domain. The SPF record is rather simple for testing purposes:
domain.com. IN TXT "v=spf1 mx ~all"
and the MX is the public IP of the MAIL server.
For test purposes we made a rule on the client that catches all SoftFails from the header and moves them to a folder so we can analyse them. And it started filling up. But from the header we see:
Received-SPF: SoftFail (mail.domain.com: domain of transitioning
firstname.lastname@example.org discourages use of as permitted sender)
So it has a private IP in there. I can't put a private IP in the SPF record because it would lose the point of SPF, since everyone can bring up some SMTP server, put that private IP in there and send spam to that domain.
My question is: how can we tell MailEnable to put the NATed IP (220.127.116.11) in the header and not the private one (192.168.10.10)?
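
An added example, not part of the original post and not MailEnable code: a Python check that parses each Received-SPF header, reports which host ran the check and which client IP it evaluated, and flags results computed against an RFC 1918 address, meaning the check ran on a hop behind the NAT. The sample message, `mx.example.net`, `user@domain.com` and `203.0.113.10` are constructed placeholders, and the header wording is assumed to follow the form quoted in the post.

```python
import ipaddress
import re
from email import message_from_string

# RFC 1918 ranges; a check made against one of these ran behind the NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed header wording, following the form quoted in the post.
SPF_RE = re.compile(
    r"^(?P<result>\w+)\s*\((?P<checker>[^:\s]+):.*?"
    r"(?:use of|designates)\s+(?P<ip>[0-9A-Fa-f:.]+)\s+as permitted sender")

# Constructed sample (placeholder names and addresses, not from the post).
SAMPLE = (
    "Received-SPF: SoftFail (mail.domain.com: domain of transitioning\n"
    " user@domain.com discourages use of 192.168.10.10 as permitted sender)\n"
    "Received-SPF: Pass (mx.example.net: domain of user@domain.com\n"
    " designates 203.0.113.10 as permitted sender)\n"
    "Subject: test\n\nbody\n")

def audit_received_spf(raw_message):
    """One finding per Received-SPF header in the message."""
    findings = []
    for value in message_from_string(raw_message).get_all("Received-SPF", []):
        flat = " ".join(value.split())          # unfold continuation lines
        m = SPF_RE.match(flat)
        try:
            ip = ipaddress.ip_address(m["ip"]) if m else None
        except ValueError:
            ip = None
        if ip is None:                          # no usable client IP in header
            findings.append({"parsed": False, "raw": flat})
            continue
        findings.append({
            "parsed": True,
            "result": m["result"].lower(),
            "checker": m["checker"],            # host that ran the SPF check
            "ip": str(ip),                      # client IP it evaluated
            "internal_hop": any(ip in net for net in RFC1918),
        })
    return findings

if __name__ == "__main__":
    for f in audit_received_spf(SAMPLE):
        print(f)
```

A finding with `internal_hop` set to true records the verdict of whichever host is named in `checker` about its directly connected client, so it says nothing about what an external receiver would see after NAT.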