Sonic:
> > does your simple relay reject the mail, does your server reject the mail
> > when receiving from the relay, or do remote servers reject the mail from
> > your simple relay?
>
> The remote servers reject, or place in spam, bounced and NDR's from
> the relay, due to a strict DMARC policy.
>
> > Note that "bounce" happens when mail server receives a mail, but is unable
> > to deliver it, so it constructs a bounce and sends is "back".
> >
> > the bounce itself should not trigger SPF (since the envelope from is empty)
> > nor DKIM
> > (unless server creating the bounce uses a domain that it can't sign)
>
> Apparently internally generated email by Postfix does not go through
> the milter and therefore does not get signed by OpenDKIM.
Try setting
/etc/postfix/main.cf:
internal_mail_filter_classes = bounce
(this assumes that you have configured "non_smtpd_milters" to invoke
the DKIM signer).
> It also appears to come from a sub-domain, the HELO name, and not just
> the SLD (in this particular case) which causes it to fail SPF as well
The sender domain is condigured with myorigin, you need to change
that if you want the domain instead.
Wietse
