See this. (report is at the bottom of this email)
Apparently, your list software destroys both SPF and DKIM signatures causing rejects.
Since you repackage S/MIME mail to avoid breaking S/MIME, I would suggest doing the same
to avoid breaking SPF, eg repackage the mail in a new message/rfc822 container like this, and
also DKIM sign the repackaged mail, and also strip the invalid DKIM sig out.
A good idea can be then to put up a DKIM, SPF and DMARC record for lists.djigzo.com.
Then both SPF and DKIM will be verified against the domain “lists.djigzo.com”, not the sender domain, since the SPF/DKIM validator will always validate
mail on the outermost container:
···
From: users(a)lists.djigzo.com
To: <receiver of list mail>
Subject: Fwd: [original subject]
Content-Type: message/rfc822; boundary=”1234”;
--1234
From: sebastian(a)sebbe.eu
To: <receiver of list mail>
Subject: [original subject]
Content-Type: text/plain
Hello this is a test
--1234--
Here is the report I got from Yahoo:
<?xml version="1.0"?>
-<feedback>
-<report_metadata>
<org_name>Yahoo! Inc.</org_name>
<email>postmaster(a)dmarc.yahoo.com</email>
<report_id>1426038669.132883</report_id>
-<date_range>
<begin>1425945600</begin>
<end>1426031999 </end>
</date_range>
</report_metadata>
-<policy_published>
<domain>sebbe.eu</domain>
<adkim>s</adkim>
<aspf>s</aspf>
<p>reject</p>
<pct>100</pct>
</policy_published>
-<record>
-<row>
<source_ip>87.233.242.72</source_ip>
<count>1</count>
-<policy_evaluated>
<disposition>reject</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
-<identifiers>
<header_from>sebbe.eu</header_from>
</identifiers>
-<auth_results>
-<dkim>
<domain>sebbe.eu</domain>
<result>permerror</result>
</dkim>
-<spf>
<domain>lists.djigzo.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>