When mail is forwarded to role accounts, the envelope addresses are set in the wrapper script. This changes the envelope sender to be $FORWARDER, an ietf.org address, so SPF will pass and the mail will be authenticated even if there is no DKIM signature.
I am considerably less confident in this patch because I'm not sure the 0.41.0 wrapper I started with is the one currently in use.
When mail is forwarded to role accounts, the envelope addresses are set in the wrapper script. This changes the envelope sender to be $FORWARDER, an ietf.org address, so SPF will pass and the mail will be authenticated even if there is no DKIM signature.
I am considerably less confident in this patch because I'm not sure the 0.41.0 wrapper I started with is the one currently in use.