There are two options for how to handle this. The first method would only set the main domain to use the external IP on account creation in the DNS Zone template, while the second method will work to set the IP for cPanel > Email Authentication area.
Method One - DNS zone template
First, you could remove the option to set it in cPanel for these accounts by removing "Email Authentication" area in WHM > Packages > Feature Manager for the set package the plan(s) is/are using, then hard-code in the WHM > DNS Functions > Edit Zone Templates area for each zone template to use the right IP for the SPF TXT record:
%domain%. IN TXT "v=spf1 a mx ip4:externalIP# ?all"
The above would have a hard-coded entry for the SPF record for the main domain. Please replace externalIP#
with the IP number for the external machine. This zone template record would be used for new accounts during creation.
Please note that the zone templates are not used for addon, subdomain and parked domain name creations.
Method Two - Revising SPF.pm file
The /usr/local/cpanel/Cpanel/SPF.pm file handles the SPF installation script that runs "/usr/local/cpanel/bin/spf_installer username" and is also used in cPanel > Email Authentication area for setting the IP for the SPF record. First, make a backup of the file:
cp /usr/local/cpanel/Cpanel/SPF.pm /usr/local/cpanel/Cpanel/SPF.pm.bak
Next, if you revise the lines that have this:
my $mainip = Cpanel::DIp::getmainserverip();
To have this instead:
my $mainip = 'externalIP#';
By replacing externalIP#
with the IP such as let's say it is 220.127.116.11, you'd get the following:
my $mainip = '18.104.22.168';
This will then use the hard-coded IP when installing the SPF records. This will occur for all parked, addon, and subdomains on the account for the SPF installation. Whenever the user in cPanel > Email Authentication area enables SPF records, the hard-coded IP will be used.
Please note that the code entry occurs twice in the file (on lines 25 and 75 for my copy of /usr/local/cpanel/Cpanel/SPF.pm), so you would need to revise both entries. If you only revise the initial entry, only the main domain will be changed to that new hard-coded IP, while parked, addon, and subdomains will not be.
You may also want to put that file into the exclude list for cPanel so it does not get overwritten on cPanel updates:
echo "/usr/local/cpanel/Cpanel/SPF.pm" >> /etc/cpanelsync.exclude