Ah! So what's failing is the final delivery, which of course makes sense with e.g. a hard fail configured for SPF. Of course, one could whitelist FreeBSD's servers, but that's fragile (IP adresses of FreeBSD are not under your control) and doesn't solve the problem in general.
I personally think the option of "hard fails" in these things doesn't make too much sense. There are too many possibilities how this could break, with "mailing lists" just being a prominent one ... some MUA with a "resend mail" function would be enough for example. IMHO, the sanest usage for SPF, DKIM and DMARC is as one source to compute a "score" for the mail (like rspamd and spamassassin can do it, and I'm pretty sure the large email providers also apply similar things). But as soon as you configure a hard fail, the receiver must reject the mail, regardless of all the other factors that would likely identify it as legitimate ...