We just got some data from a DMARC report I setup, tools2002 is sending mail but doesn't actually comply with our policies. We don't enforce on subdomains but we should fix that.
We need to make 2 changes:
- add ip:188.8.131.52 to the spf record (that's the fosshost node's ip)
- use opendkim to sign mail - https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy