I use postfix for the mail on my domain, and I was trying out the fedora packages opendkim and opendmarc as "milters" --

/etc/postfix/main.cf
Code:
smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8893                                                                                                                                         
non_smtpd_milters = $smtpd_milters                                                                                                                                                              
milter_default_action = accept
namely, opendkim and opendmarc provide their services via tcp on the loopback interface, ports 8891 and 8893 respectively, and they do the whole SPF+DKIM+DMARC "suite" thing for both incoming and outgoing mail.

i'm not going into great detail here, but my outgoing mail does appear to get a final overall technical "pass" with my very basic configuration.

now opendkim is "smart" in that it knows to sign outgoing mail but only to check the signatures on incoming mail.

opendmarc, on the other hand, seems to work okay for incoming mail from another server to be relayed, but mail submitted by a local user's mail client on port 587 or 465 is "miltered" just the same as though it came from another server on port 25, and generates "fail" headers because my mail client is not connecting from an SPF-permitted sender.

Code:
Delivered-To: justina.colmena@gmail.com
Received: by 10.31.10.140 with SMTP id 134csp1017077vkk;
        Wed, 25 Apr 2018 11:21:40 -0700 (PDT)
X-Google-Smtp-Source: AIpwx48l8FO9rmga7CuQG3irvlulllY1TelAtiK9PfHcYeU45/KQgfRo6t7irJlkobT8yYAr3jGi
X-Received: by 10.31.110.14 with SMTP id j14mr20885795vkc.192.1524680500079;
        Wed, 25 Apr 2018 11:21:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524680500; cv=none;
        d=google.com; s=arc-20160816;
        b=XWb+4GrVLG512HZt96YlgN7ZCWguv1VEyfqsF55xE8qNSAegjQTvr8dpfvzYUTf64w
         pxJax2KbZzX5FsVO2fEfdv5isew6S7pnKuOKiHiZh1366TGmPJNQqQVK+47ihuhUem4g
         rFtVB4ndYCraSIhbiLK3HpME1WzYEj3oWmRX4mTXi2eX1mJjW2miwmUKPE/JiqQCPXyi
         NL1mf57AQ8PS+IoDD+UUXa3yDIU7Q0XPO32vFFRmy1E44/dnfST2ru9OKbHSuvTV8v1F
         dAFxzZdwygxIn/LkrQJmIdDbL2Iw4pkLW/HZgQ3J56RUsZ7NA7toh4rIRU+z1uXuciRy
         0NEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:organization:message-id:subject:to:from:date
         :dkim-signature:dkim-filter:dmarc-filter:arc-authentication-results;
        bh=ul/9+rvBq7/bpbOqlOjlUNswmpElDnxS0sRSN8oKi9A=;
        b=CT6kNZfE6FFQ3FdvvM2erzzMLG0gDE6D4obBqAAa0b45ZSM+OZM9xVXnxn39kTyEKy
         eOf5B4FslFoXG+MBLjNF80tcdcf6NvdtxgiwnDWL2PKhROfTsNEOmYA7bJVjEkZqAizr
         w1fDl8TxOhb0xcMDGP6ZJvqB+/eWYv47mxyDoYzx4o6JQ6ZUFLJkZianvbvpL0Nd4TVc
         hHo2kmSvhqfbIIwrcNUFZNwT4kkJGmQCkePv2xlArLDS08jQPnNHUPd+BmQWbnIF6I39
         cKnf18iltG0bAQHMMvvQYzGV4uFP275FPFy8fjvjHmzefTPJxv4TgDbR00JlFj2LObMw
         kMBw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@colmena.biz header.s=default header.b=BEHou2nA;
       spf=pass (google.com: domain of justina@colmena.biz designates 2001:19f0:9002:d18:5400:1ff:fe34:4aa6 as permitted sender) smtp.mailfrom=justina@colmena.biz;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=colmena.biz
Return-Path: <justina@colmena.biz>
Received: from miel.colmena.biz (miel.colmena.biz. [2001:19f0:9002:d18:5400:1ff:fe34:4aa6])
        by mx.google.com with ESMTPS id r30si8326282uag.60.2018.04.25.11.21.39
        for <justina.colmena@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Wed, 25 Apr 2018 11:21:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of justina@colmena.biz designates 2001:19f0:9002:d18:5400:1ff:fe34:4aa6 as permitted sender) client-ip=2001:19f0:9002:d18:5400:1ff:fe34:4aa6;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@colmena.biz header.s=default header.b=BEHou2nA;
       spf=pass (google.com: domain of justina@colmena.biz designates 2001:19f0:9002:d18:5400:1ff:fe34:4aa6 as permitted sender) smtp.mailfrom=justina@colmena.biz;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=colmena.biz
Received: from localhost (162-229-237-24.static.gci.net [24.237.229.162])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client did not present a certificate)
	by miel.colmena.biz (Postfix) with ESMTPSA id A3EA47D0B9
	for <justina.colmena@gmail.com>; Wed, 25 Apr 2018 18:21:38 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 miel.colmena.biz A3EA47D0B9
Authentication-Results: miel.colmena.biz; dmarc=fail (p=reject dis=none) header.from=colmena.biz
Authentication-Results: miel.colmena.biz; spf=fail smtp.mailfrom=justina@colmena.biz
DKIM-Filter: OpenDKIM Filter v2.11.0 miel.colmena.biz A3EA47D0B9
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=colmena.biz;
	s=default; t=1524680499;
	bh=ul/9+rvBq7/bpbOqlOjlUNswmpElDnxS0sRSN8oKi9A=;
	h=Date:From:To:Subject:From;
	b=BEHou2nAPS1jg1UbWE8/XOsGE/CslJDFzPm9UucUFxNWr4wj3Hn53SpLs+F5AiNb5
	 a5VVCl5zVwu5GpiblJPKqgL/jiIXKJL/UJiPpO6WQZnAd2lgCdHA42n8DTEP2HmULV
	 CjlJX5i2jOUTTUW1X2ilLZxQTT2OIgQnFg07AnwE=
Date: Wed, 25 Apr 2018 10:21:30 -0800
From: justina colmena <justina@colmena.biz>
To: justina.colmena@gmail.com
Subject: mail functions
Message-ID: <20180425102130.5ee2a622@colmena.biz>
Organization: las abejas
X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.32; x86_64-redhat-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 boundary="Sig_/U/lJHf/fKO6Zifu7qM2vSQK"; protocol="application/pgp-signature"

--Sig_/U/lJHf/fKO6Zifu7qM2vSQK
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

asdf jkl;

--Sig_/U/lJHf/fKO6Zifu7qM2vSQK
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE0HhSZ1CNLxOXHl2XMCkMRiRygQoFAlrgxyoACgkQMCkMRiRy
gQpa2A/6ApGvIlPXQLv1PKvOBrWgSYyCHdr4CiJvdQGzcisbbTkKkg79pJH9+36l
7JmLt7QzKAXinXkquboYpSRz2BMTiPGQ/poXerTE43RxTmExglTtvSgm9jlU+Sbg
yTp6rAGicU7BdZ0iK43cBFktvRDnrDTvGslvndsUn1XKzlsIVtmGEgilZCBZA94d
mIXPXCwIafzx08Zim2bVUQCP2Q+e3F9bOuwFWUz/CAWkQsDwkuyJmV5KFZnpigcW
S/+YTjtIrMc+YEQH7vfrB5qQxJbnxBBM2a2M/hkOSNQyjzJhbYVObpqbZUj6wbGa
4fVR5n+9UUS7U4/hR5dl0sJh6QBgFHOyW7tvzZnavAUVNowxc8Pm1nQ5+4Cs8IpO
LhHf234j0EMbD8GwH7hPX6cRr9rEe6sJmUUxDc8R3032EXGyzydfNMXQFyNGKahU
DYt9+mvkazTTXnPoAuDAbepeyRe6bKXDfYOFxcUrD/HTo6VMFoe3w2hDujAFlzFN
HssCihzyPzJSnd4IzDYD2oq2hVuiKtIrMHV7dsGyLB3+E1rzh5OMsPWqIFcPFKw/
EyxZkkrTruv3H3t/4W/NtCyoB34LfrImNb57xHTthMPERiQTkOhcWk1u8U2Q8B39
TcaMD3lMt3RlVRHusd7s3IdxjWm26/ywvZU6wZRXz+fM66fvJSU=
=+Gie
-----END PGP SIGNATURE-----

--Sig_/U/lJHf/fKO6Zifu7qM2vSQK--
is it really necessary to stamp incoming mail from an authenticated local client (which cannot possibly pass spf) with dmarc fail headers?