Question: Possible to send authenticated server alerts?
I'm running a macOS server installation under my domain (myserver.mydomain.com). When Server.app sends email-based alerts (for when certificates are going to expire, or other "alert" based notifications), the email comes from email@example.com, as intended.
For email sent from my domain I require SPF and DKIM-signing to pass DMARC, otherwise, the message is rejected. My server's hostname is included in this (valid SPF, DKIM-signing and DMARC policy).
To ensure this was all set up and working properly, I set up the Mail service in Server.app on this box (I don't actually need the mail service for users, but was using it in testing the configuration of DKIM-signing, etc..). I've configured (the baked-in) postfix/amavisd-new to DKIM-sign outgoing mail from the server. And when I sent mail through this box, via SMTP, it gets signed and passes DMARC tests. All good.
But, I'm having an issue with server alerts. As server alerts aren't being sent from an authenticated user via SMTP, it's not possible to DKIM-sign them properly/securely. Thus, while they pass SPF, they fail DKIM. Same issue when sending mail from the command line.
Has anyone had to deal with this before?
I know Apple is pretty much killing off macOS Server, so I'm probably better off focusing on moving to a real server platform at this point, but as I've been supporting OS X Server/macOS Server for the better part of two decades, I'd love to know if there's a solution to this issue?