2
Problems with forwarding
Question asked by Miguel Enrique - 9/17/2024 at 12:54 AM
Unanswered
Hello everyone.

Since I updated to the latest versions I'm having problems with some forwarding. Some of my clients perform an automatic forwarding to a GMail account. 
I already have a ticket created for this problem, and although the technical service has been investigating, they can't reproduce the problem.
Most of the forwarding works correctly, but some go to the Spam folder, other users tell me that they are missing an email in GMail. What I have found in the emails that do not arrive is that it applies the DMARC rules of the source domain. If it is REJECT, Gmail rejects it, if it is QUARANTINE GMail passes it to the Spam folder. The email to SmarterMail arrives correctly. Only the forwarding fails. I repeat again that it is not all of them.
Is anyone else detecting these problems?
I need to know if my server is an isolated case or if it is general to be able to find the cause of these problems so that SmarterMail support can solve it.
Thank you.

4 Replies

0
Linda Pagillo Replied
Hi Miguel! Check out this article from Dmarcian. It may be helpful... https://dmarcian.com/forwarding-and-dmarc// Hope this helps!
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
2
Douglas Foster Replied
Unless a message is signed, it is impossible to distinguish forwarded mail from malicious impersonation.  

If you make any changes to the message content as it passes through your system, such as an External Sender warning or a "possible spam" warning, the message will lose DKIM signature authentication as a result.

Forwarded mail always loses SPF authentication for DMARC purposes:  If you don't rewrite the Mail From address, it will lose SPF PASS.   If you do rewrite the address, it will produce SPF Pass but it will not be aligned with the From address. 

Organizations that publish strict DMARC policies are telling recipients to block impersonation by blocking anything that does not arrive with DMARC credentials (aligned SPF PASS or aligned DKIM PASS.)  Therefore, Google is doing exactly what the originator's DMARC policy is asking them to do, and the problem has nothing to do with the version of SmarterMail, unless you can show that SmarterMail is making gratuitous changes that break DKIM signatures.

My opinion:   There is no reason to allow auto-forwarding.   Every user device has email client software available to handle multiple mailboxes, and that is what he should use.   (Since he does not want his mail on your system anymore, he is unlikely to be a customer for long, so I would not worry too much about making him annoyed.)  

The much bigger problem is that all of those messages that get quarantined or blocked by Gmail (and other sites) will eventually affect your server's reputation.   Why would you risk having your server get blacklisted for all clients, simply to satisfy the whims of a small group of users?  It is not worth the risk, and you should tell him so.    
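
The DMARC outcomes described in the reply above, worked through as an added example (not part of the original post and not SmarterMail or Gmail code). The domains `sender.example` and `forwarder.example` are constructed, and the organizational domain is approximated as the last two labels, where a real receiver consults the Public Suffix List.

```python
def org_domain(domain: str) -> str:
    # Assumption: last two labels stand in for the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str) -> bool:
    """Relaxed DMARC alignment: both names share one organizational domain."""
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(from_domain, policy, spf, dkim):
    """spf = (result, MAIL FROM domain); dkim = [(result, d= domain), ...]."""
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain)
    dkim_ok = any(res == "pass" and aligned(d, from_domain) for res, d in dkim)
    if spf_ok or dkim_ok:
        return "deliver"
    return {"none": "deliver", "quarantine": "spam folder", "reject": "reject"}[policy]

FROM = "sender.example"  # constructed originator with a published DMARC policy
# What the final receiver sees for each path a message can take (constructed).
SCENARIOS = {
    "direct delivery":
        (("pass", FROM), [("pass", FROM)]),
    "forwarded, MAIL FROM kept, DKIM intact":
        (("fail", FROM), [("pass", FROM)]),
    "forwarded, MAIL FROM rewritten, DKIM intact":
        (("pass", "forwarder.example"), [("pass", FROM)]),
    "forwarded, MAIL FROM rewritten, content modified in transit":
        (("pass", "forwarder.example"), [("fail", FROM)]),
    "forwarded, original never DKIM-signed":
        (("pass", "forwarder.example"), []),
}

def evaluate_all(policy: str) -> dict:
    return {name: dmarc_disposition(FROM, policy, spf, dkim)
            for name, (spf, dkim) in SCENARIOS.items()}

if __name__ == "__main__":
    for policy in ("quarantine", "reject"):
        print(f"p={policy}")
        for name, outcome in evaluate_all(policy).items():
            print(f"  {name:60s} -> {outcome}")
```

Only the forwarded copies that still carry an aligned DKIM pass are delivered; the rest get whatever the originating domain's policy asks for.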

1
Miguel Enrique Replied
Thanks for the answers, but everything is well configured and checked by SmarterTools, and on the other hand I know the problems with using forwarding.

First of all, I would like to say that I have several tickets created with the errors that I am detecting. SmarterTools confirmed to me yesterday that they have managed to replicate two tickets. I am waiting for them to release an update.

I have been using SmarterMail since version 1 or 2 (I don't even remember) and I update the mail server every summer (for vacation). Before the summer I didn't have any problems. This summer the change has been a bit problematic because the version I installed had some serious problems. The technical service has solved all the problems except the ones I have with forwarding.

I know that forwarding is a big problem, but it exists and some clients have had it working without problems until this summer.

Every time a client complains, I have to review all their configuration, verify that the problem is real, document it to SmarterTools in the best way possible, and most of the time SmarterTools tells me that they cannot replicate the problem, which is logical and I understand it due to the complexity of the forwarding. As a programmer, I understand that if SmarterTools cannot replicate the problem, it cannot solve it.

My question was to find out if anyone else had had problems with the forwarding because I am surprised that no one else mentions it in the community.

I would like to take this opportunity to thank the technical service at SmarterTools. Many times we do not know how to value the work they do.
2
Douglas Foster Replied
I had confirmed problems with broken signatures prior to build 8818.  After this point, I still had random problems with broken signatures but those problems were traced to my Barracuda.   

It is such a bear to isolate these problems.    We have to have the good luck to capture a single message before and after it is broken.   Then we need three servers to replay it -- one that submits the message, one that breaks it, and the one that detects it.   Then we re-run the message through two paths:
submitter - problem system - detector (to repeat the breakage)
and
submitter - detector (to prove absence of breakage)
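
One way to compare the captured "before" and "after" copies from the replay described above, as an added example that is not part of the original post: recompute the DKIM body hash (RFC 6376 canonicalization) and compare it with the `bh=` tag. The sample message, selector and banner text are constructed, `b=` is a placeholder, and the check assumes `a=rsa-sha256` with no `l=` tag.

```python
import base64, hashlib, re
from email import message_from_bytes

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization from RFC 6376 (sections 3.4.3 and 3.4.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at line end.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # empty lines at the end of the body are ignored
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str) -> str:
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def dkim_tags(raw: bytes) -> dict:
    """tag=value pairs of the first DKIM-Signature header in a raw message."""
    value = message_from_bytes(raw)["DKIM-Signature"]
    pairs = (t.split("=", 1) for t in str(value).split(";") if "=" in t)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def body_hash_ok(raw: bytes) -> bool:
    """True if the body still matches bh=; False if changed or unsigned."""
    tags = dkim_tags(raw)
    mode = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    body = raw.split(b"\r\n\r\n", 1)[1]
    return body_hash(body, mode) == tags.get("bh")

# Constructed sample: b= is a placeholder, only the body hash is checked here.
BODY = b"Invoice attached.\r\nRegards,  Alice\r\n"
HEADERS = (b"From: alice@example.org\r\nSubject: Invoice\r\n"
           b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\r\n"
           b" s=sel1; h=from:subject; bh=" + body_hash(BODY, "relaxed").encode()
           + b"; b=PLACEHOLDER\r\n\r\n")
BEFORE = HEADERS + BODY                                    # as submitted
AFTER_WS = HEADERS + b"Invoice attached. \r\nRegards, Alice\r\n\r\n"  # whitespace only
AFTER_BANNER = HEADERS + b"[EXTERNAL SENDER]\r\n" + BODY   # text inserted by a hop

if __name__ == "__main__":
    for name, raw in [("before", BEFORE), ("after (whitespace)", AFTER_WS),
                      ("after (banner)", AFTER_BANNER)]:
        print(name, "->", "body hash intact" if body_hash_ok(raw) else "body hash BROKEN")
```

A matching body hash with a failing signature points at the signed headers instead, which need the same before/after comparison.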
