Try to route outgoing messages through diff IPs depending on trust

Ideally, if there was auth on a message (kerberos/password remotely, or
legitimately sourced locally -- mailman messages dubiously count), we'd use one
IP, and forwarded messages (eg, mail to jim@ being forwarded to GMail) would
use another. That way, when GMail decided to hate the latter, the (more
important) former would still go through. I'm not quite sure how to decide
based on auth, so instead, I just whitelisting a few envelope senders, but it's
better than nothing.

See
https://serverfault.com/questions/663979/virtual-alias-domains-how-to-use-different-ip-addresses-when-forwarding-mail,
http://www.postfix.org/postconf.5.html#smtp_bind_address, and
http://www.postfix.org/postconf.5.html#sender_dependent_default_transport_maps
for some relevant docs.