We have received sporadic reports of ORF blacklisting emails from the users’ own domain because it does not find any MX or A/CNAME record for that domain. These records clearly exist when checked from the outside using nslookup, which leads the customer to believe that something is wrong with ORF.
Actually, the problem is DNS-related and typically occurs when ORF uses a local DNS server for DNS resolution (which is recommended), but the very same local DNS server acts as the authoritative DNS for the user's own domain. Because that server is authoritative for the zone, it answers from its own internal copy and never consults the public DNS, so records that exist only in the public zone appear to be missing. A common cause is an internal AD domain with the same name as the public domain (e.g. domain.com, instead of domain.local, domain.internal or something similar).
To solve this, you should either switch to external DNS servers in ORF, or consider setting up another DNS server (e.g. on the local host) that forwards to the root DNS servers. The latter is the recommended method.
Alternatively, create MX records on your local DNS server and add your SPF record to it.
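
To confirm this cause, or to verify the fix after adding records to the local zone, the following PowerShell compares what the local DNS server and an outside resolver return for the domain. It is an added example, not part of the original article or of ORF; the domain name and both server addresses are placeholders to replace with your own.

```powershell
# Added example: compare the internal DNS view of the mail domain with a public view.
# All three values are placeholders (assumptions); substitute your own.
$Domain      = 'domain.com'      # the public mail domain (name taken from the article's example)
$InternalDns = '192.0.2.53'      # placeholder: the local DNS server configured in ORF
$ExternalDns = '198.51.100.53'   # placeholder: any public recursive resolver

function Get-RecordSet {
    param([string]$Name, [string]$Type, [string]$Server)

    # -DnsOnly restricts the lookup to the DNS protocol (no LLMNR/NetBIOS fallback).
    # Errors such as NXDOMAIN are suppressed and treated as "no records".
    $answers = Resolve-DnsName -Name $Name -Type $Type -Server $Server -DnsOnly `
                   -ErrorAction SilentlyContinue |
               Where-Object { $_.Section -eq 'Answer' }   # drop SOA/authority-only replies

    switch ($Type) {
        'MX'  { $answers | Where-Object { $_.Type -eq 'MX' }  | ForEach-Object { $_.NameExchange } }
        'A'   { $answers | Where-Object { $_.Type -eq 'A' }   | ForEach-Object { $_.IPAddress } }
        'TXT' { $answers | Where-Object { $_.Type -eq 'TXT' } |
                    ForEach-Object { $_.Strings -join '' } |
                    Where-Object { $_ -like 'v=spf1*' } }     # keep only the SPF policy
    }
}

foreach ($type in 'MX', 'A', 'TXT') {
    $internal = @(Get-RecordSet -Name $Domain -Type $type -Server $InternalDns)
    $external = @(Get-RecordSet -Name $Domain -Type $type -Server $ExternalDns)

    $status = if ($external.Count -gt 0 -and $internal.Count -eq 0) {
        'MISSING internally'      # the situation described above
    } elseif ($internal.Count -eq 0) {
        'absent in both views'
    } else {
        'present internally'
    }

    [pscustomobject]@{
        Type     = $type
        Internal = $internal -join ', '
        External = $external -join ', '
        Status   = $status
    }
}
```

A row marked `MISSING internally` for MX or A is the record ORF cannot see; the TXT row shows whether the SPF policy is visible from the local server.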