I successfully set up DMARC, DKIM and SPF for my mailserver's domain, but delivery reports created by Postfix fail the DKIM/SPF tests.
The headers of regular messages (sent via my mailserver) look like this:
Authentication-Results: posteo.de; dmarc=pass (p=quarantine dis=none) header.from=mail.my.domain
Authentication-Results: posteo.de; spf=pass smtp.mailfrom=my.domain
Authentication-Results: posteo.de;
dkim=pass (2048-bit key) header.d=mail.my.domain [email protected] header.b=FGiVXFOU;
dkim-atps=neutral```
Delivery reports have these headers:
Authentication-Results: posteo.de; dmarc=fail (p=quarantine dis=none) header.from=mail.my.domain
Authentication-Results: posteo.de; spf=tempfail smtp.helo=mail.my.domain
The Authentication-Results DKIM header is missing as there is no DKIM signature (I use rspamd as an smptd_milter to sign messages), and the SPF authentication result refers to smtp.helo instead of smtp.mailfrom. Is there any way to configure Postfix such that the delivery reports a) are DKIM-signed and b) contain an smtp.mailfrom header to pass the SPF test?
Update: jnrcorp asked the same question 5 years ago (sorry), and the answer to a) is an addition to Postfix's main.cf (internal_mail_filter_classes = bounce), but b) remains unsolved – although there is an SPF entry for my mail.my.domain, SPF fails. Could this be caused by the circular MX entry:
mail.my.domain 60 IN MX 10 mail.my.domain
