On 2023-05-17 07:23:09 -0700 (-0700), Christian via Mailman-users wrote:
I have two SPF records in dns for the server as follows:
mail v=spf1 mx -all
lists v=spf1 ip4:45.79.28.18 -all [...]
That's not two SPF records for the domain, that's SPF records for two different domains (mail.ccalternatives.org and lists.ccalternatives.org) which just happen to be subdomains of the same parent domain. That should be completely fine according to the standard. Also the log you posted doesn't say anything to indicate that's an issue.
The problem seems to be with the lists SPF record specifically, according to the error you're receiving:
The MAIL FROM domain [lists.ccalternatives.org] has an SPF record 550-5.7.26 with a hard fail policy (-all) but it fails to pass SPF checks with 550-5.7.26 the ip: [192.46.218.224].
Your record says "allow lists.ccalternatives.org messages from 45.79.28.18 and reject them from everywhere else" except you're then trying to send lists.ccalternatives.org messages from 192.46.218.224 instead, which is correctly rejected by the recipient's MTA.
Jeremy Stanley