Ok, long story short: Dreamhost (yeah, I know) has some very odd anti-spoofing rules in place that were put in place in April but only seem to be doing anything as of last week. They disallow altering the FROM address on email composed on Dreamhost servers to other specific domains. You read that right, specific. This anti-spoofing rule only applies to yahoo, gmail and a few other domains. Most will pass through without an issue.
I, like millions of other domain owners use this spoofing to create emails that get delivered back to us when a customer fills out a contact form on our web site. Dreamhost have no provision to allow this for this kind of local mail relay and treat everything as if it's going outbound.
The workaround is now to use a fixed address at our own domain for the FROM and add the customer's email address in the Reply-To header. This has drawbacks, such as not being able to see the Reply-To address from iOS devices, not being able to add the customer to contacts, not being able to filter for that customer using the FROM search (there's no ability in Mac Mail to search only the "Reply-To" field for instance.
I think I can get my email to pass through a shell-based account and spool file so that I can run it through procmail - that's another headache to do, but I'll fire it out. I'm going to forward specific messages from my IMAP account to my procmail-enabled account.
But it's been years (like 20) since I've used procmail and I can surely use some help. My goal is to match on a specific address in the from field and then replace it with the address from the Reply-To field. In addition I'll add a new header item "X-Procmailed: true" before forwarding the message back to my IMAP account.
It might be a PITA to implement, but once it's done I have no reason to think it wouldn't be solid/bullet-proof. I used to have insanely long proemial files back in the day to handle spam and mailing lists that were a lot more complicated than what I want to do now.