ZMS-165

lib/auth.js

@@ -23,14 +23,24 @@ async function hookMail(plugin, connection, params) {
     let spfResult;
 
     try {
+        const isRemotePrivate = connection.remote.is_private;
+
         spfResult = await checkSpf({
             resolver: plugin.resolver,
-            ip: connection.remote.ip, // SMTP client IP
+            ip: isRemotePrivate ? undefined : connection.remote.ip, // SMTP client IP (undefined for if remote is private network)
             helo: connection.hello?.host, // EHLO/HELO hostname
             sender: txn.notes.sender, // MAIL FROM address
             mta: connection.local?.host, // MX hostname
             maxResolveCount: plugin.cfg?.auth?.dns?.maxLookups
         });
+
+        if (isRemotePrivate) {
+            // given undefined client ip verification will by default return neutral SPF result, replace 'undefined' with the IP
+            spfResult.status.comment = spfResult.status.comment.replaceAll('undefined', connection.remote.ip);
+            spfResult.header = spfResult.header.replaceAll('undefined', connection.remote.ip);
+            spfResult.info = spfResult.header.replaceAll('undefined', connection.remote.ip);
+        }
+
         txn.notes.spfResult = spfResult;
     } catch (err) {
         txn.notes.spfResult = { error: err };