This email server has three domains all for the same company just different departments. I believe the auto-reply’s are being sent from the Primary domain postmaster account or something like that , not from the actual email account.
I could not find anything in the log for the internal response, i could test it again when traffic is light in the AM.
This original sources message from the gmail account i used for testing outside accounts gives the best explanation.
it sees the email being sent on behave of the user from the Postmaster account from the main Domain instead of the originating domain and fails SPF. there are SPF and Dmarc setup for all the domains.
Gmail log.
Received: from mail.globepm-ca (static-207-54-xxx.x.ptr.teragonet-net [207.54.xxx.x])
by mx.google -com with ESMTP id f128si12509104pgc.55.2019.07.23.13.34.49
for <gpm****@gmail -com>;
Tue, 23 Jul 2019 13:34:49 -0700 (PDT)
Received-SPF: neutral (google-com: 207.54.102.1 is neither permitted nor denied by best guess record for domain of postmaster@mail.globepm-ca) client-ip=207.54.102.1;
Authentication-Results: mx.google-com;
spf=neutral (google-com: 207.54.102.1 is neither permitted nor denied by best guess record for domain of postmaster@mail.globepm-ca) smtp.helo=mail.globepm-ca;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=QUARANTINE) header.from=globepm-net
To: gpm****@gmail-com
From: <postmaster@globepm -net>
Subject: out of office
I have had to edit the response so it doesn’t look like links so any ,ca or .net .com the . has been removes so it doesn’t look like a link
Thank you in advance for any assistance.