Postfix 标头指出错误的 IP

我在 Debian 8.0 上使用 Postfix 2.11.3

我将 Postfix 配置为运行多个实例（3），每个连接到我们服务器的公共 IP 一个，以便根据服务平衡传出流量。

我为所有子域配置了 DKIM 和 SPF（每个 IP 1 个子域），但有时我会从 GMail 和其他提供商收到 SPF 和 DKIM 失败，查看标题似乎接收邮件服务器无法解析我的 IP。

请检查以下标题作为示例

Delivered-To: [email protected]
Received: by 10.28.221.87 with SMTP id u84csp184407wmg;
        Fri, 5 Jun 2015 19:26:17 -0700 (PDT)
X-Received: by 10.52.116.162 with SMTP id jx2mr11374004vdb.80.1433557576885;
        Fri, 05 Jun 2015 19:26:16 -0700 (PDT)
Return-Path: <[email protected]>
Received: from hello3.much.cheap ([2607:5300:60:6516::])
        by mx.google.com with ESMTP id f2si9741219vdb.2.2015.06.05.19.26.14
        for <[email protected]>;
        Fri, 05 Jun 2015 19:26:15 -0700 (PDT)
Received-SPF: permerror (google.com: domain of [email protected] uses a mechanism not recognized by this client. unknown  mechanisms: )) client-ip=2607:5300:60:6516::;
Authentication-Results: mx.google.com;
       spf=permerror (google.com: domain of [email protected] uses a mechanism not recognized by this client. unknown  mechanisms: )) [email protected];
       dkim=pass [email protected];
       dmarc=pass (p=NONE dis=NONE) header.from=hello3.much.cheap
Message-Id: <55725a47.220a340a.cc4f.ffffada7SMTPIN_ADDED_MISSING@mx.google.com>
Received: from hello3.much.cheap (hello3.much.cheap [167.114.180.233])
    by hello3.much.cheap (Postfix) with ESMTP id 27F7940083
    for <[email protected]>; Fri,  5 Jun 2015 22:26:10 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=much.cheap; s=hello;
    t=1433557570; bh=z/R8LvudDLyZmOBbw+42+SG7pLmnI+4/+E4YxHqibK4=;
    h=Date:To:From:Subject:From;
    b=tJdvbP1c+me6BwXx4Qayzwvw7GR+OFd/xG+OwCqXz/YNPVhTIS56HxGxRkEvnztTr
     ClouAavusckmwXfQ5GmwjWvzVlcIZc7eT9rkBrAL8Th+2YPXNiw4k36ZDRik9lfICp
     qpvcGIhruOCE4BBQFE31j2qEDTl6qVh2D0jSAbD8=
Received: from [167.114.180.233] by hello3.much.cheap with HTTP; Fri, 05 Jun 2015 22:26:09 -0400
Date: Fri, 5 Jun 2015 22:26:10 -0400
To: [email protected]
From: Chris <[email protected]>
Subject: Wonderful trip with family!
Bounces-To: [email protected]

如你所见，SPF 和 DKIM 都因错误解析的 IP 而失败：2607：5300：60：6516:: 最奇怪的是，在 SPF 和 DKIM 记录之后，谷歌实际上可以看到我的真实 IP（收到：来自 [167.114.180.233] 来自 hello3.much.cheap）

错误不是持续的，有时即使在第一个标头中它也会获得正确的 IP（167.114.180.233）并且所有检查都通过。

请注意，我没有设置防火墙/代理，并且相关的 postfix 实例已绑定到正确的 IP 地址

主配置文件

67.114.180.233:2533     inet  n       -       n       -       -       smtpd

主配置文件

myorigin = hello3.much.cheap
myhostname = hello3.much.cheap
mydomain = hello3.much.cheap
queue_directory = /var/spool/postfix-3
data_directory = /var/lib/postfix-3
multi_instance_group = outgoing
multi_instance_name = postfix-3
inet_interfaces = all
smtp_bind_address = 167.114.180.233
mynetworks = 127.0.0.0/8 167.114.64.22 167.114.180.232/29

smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject


milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
multi_instance_enable = yes

smtp_generic_maps = hash:/etc/postfix-3/generic

sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =  regexp:/etc/postfix-3/sender_canonical_maps
smtp_header_checks = regexp:/etc/postfix-3/header_check
mime_header_checks = regexp:/etc/postfix-3/header_check
header_checks = regexp:/etc/postfix-3/header_check
strict_mailbox_ownership = no

任何想法？