Background
I am hosting Stalwart in a Kubernetes cluster. Ingress traffic uses a fixed load balancer IP (mail.example.com). Egress traffic uses a dynamic IP address, depending on the node on which the stalwart pod is scheduled.
I read that for E-Mail it is important to use a fixed IP address for egress traffic (sending emails), because of SPF and sender reputation.
To solve this, I am using a static floating IP address with the DNS and reverse DNS name mail-egress.example.com. Networking is configured so that all egress traffic from stalwart pods is sent using this egress ip.
Stalwart configuration
I configured stalwart to use mail-egress.example.com as the EHLO hostname and for submitting reports.
DNS management
I switched to stalwart automatic DNS management and it now generates
mail.example.com. IN TXT "v=spf1 a -all"
example.com. IN TXT "v=spf1 mx -all"
These records work fine if you send emails from the same IP as you receive emails (ingress path = egress path). But in my case, ingress is using the Load Balancer IP and egress is using the floating IP address.
Therefore, I need to use a different SPF record:
mail.example.com. IN TXT "v=spf1 a:mail-egress.example.com -all"
Feature request
Provide a way to configure the mail egress hostname. It should change the EHLO hostname, report submitter and SPF records.
Alternatively, allow to change the SPF record and require the user to manually configure EHLO hostname, report submitter and SPF record. Add documentation for cases where ingress path != egress path.