Perhaps it would be easiest to add a config option and support to get dovecot-LDA to use SRS forwarding (https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme)?
That sorts out the SPF issue, and DKIM still works fine (as none of the DKIM headers are changed). However, you then need to make sure your mailserver can forward DSNs back to the original sender (as rewriting the envelope from to your own domain during forwarding causes DSNs to come back to you from MTAs that are not SRS aware).
On 2022-09-26 03:22, Marc wrote:
This page[1] describes a more often occurring problem of forwarding messages from servers that are not included in the SPF records. Maybe there should be a plugin that offers this forward functionality. Something like:
get the SPF records of the sender, check if there is a -all, then apply the sender substitution.
https://doc.dovecot.org/configuration_manual/sieve/configuring_auto_forward_...
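
The rewrite and the DSN return path discussed in this thread, as an added example that is not part of either message and is not Dovecot code. It is a simplified SRS0-style scheme (HMAC tag plus day stamp); the secret, the forwarder domain, the 21-day window and all function names are assumptions, and the SPF TXT record is passed in as a string instead of being looked up in DNS.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-secret"   # assumption: forwarder's private key
FORWARDER = "forwarder.example"       # assumption: forwarding host's domain
MAX_AGE_DAYS = 21                     # assumption: DSN acceptance window
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def _stamp(now):
    days = int(now // 86400) % 1024   # 10-bit day counter as two base32 chars
    return B32[days >> 5] + B32[days & 31]

def _tag(stamp, domain, local):
    msg = (stamp + domain + local).lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]

def spf_hard_fail(txt_record):
    """True when an SPF TXT record carries a hard-fail '-all' term."""
    terms = txt_record.lower().split()
    return bool(terms) and terms[0] == "v=spf1" and "-all" in terms[1:]

def srs_forward(sender, now=None):
    """Rewrite the envelope sender into an SRS0 address at FORWARDER."""
    local, domain = sender.rsplit("@", 1)
    stamp = _stamp(time.time() if now is None else now)
    return f"SRS0={_tag(stamp, domain, local)}={stamp}={domain}={local}@{FORWARDER}"

def envelope_from(sender, spf_txt, now=None):
    """The check proposed in the thread: rewrite only when SPF says -all."""
    return srs_forward(sender, now) if spf_hard_fail(spf_txt) else sender

def srs_reverse(address, now=None):
    """Recover the original sender for a returning DSN, or raise ValueError."""
    local_part, _, host = address.rpartition("@")
    if host.lower() != FORWARDER or not local_part.upper().startswith("SRS0="):
        raise ValueError("not an SRS0 address for this forwarder")
    tag, stamp, domain, local = local_part[5:].split("=", 3)
    if not hmac.compare_digest(tag.encode(), _tag(stamp, domain, local).encode()):
        raise ValueError("hash mismatch: forged or altered address")
    then = B32.index(stamp[0].upper()) * 32 + B32.index(stamp[1].upper())
    today = int((time.time() if now is None else now) // 86400) % 1024
    if (today - then) % 1024 > MAX_AGE_DAYS:
        raise ValueError("SRS timestamp expired")
    return f"{local}@{domain}"
```

The HMAC tag is what keeps the reverse path from becoming an open relay: a DSN is only forwarded on when the SRS0 address was minted by this forwarder and is still inside the acceptance window.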