> does your simple relay reject the mail, does your server reject the mail > when receiving from the relay, or do remote servers reject the mail from > your simple relay?
The remote servers reject, or place in spam, bounced and NDR's from the relay, due to a strict DMARC policy. > Note that "bounce" happens when mail server receives a mail, but is unable > to deliver it, so it constructs a bounce and sends is "back". > > the bounce itself should not trigger SPF (since the envelope from is empty) > nor DKIM > (unless server creating the bounce uses a domain that it can't sign) Apparently internally generated email by Postfix does not go through the milter and therefore does not get signed by OpenDKIM. It also appears to come from a sub-domain, the HELO name, and not just the SLD (in this particular case) which causes it to fail SPF as well (and possibly because of this wouldn't get signed by the milter if it was directed through it).
