You’ve turned off find related posts with key (I hope you read the warning) thus Discourse is using the in-reply-to mail header to determine to which topic/post the reply should be referencing.
It can’t do that for bounces - Discourse needs to know the specific message which bounced and that information is only guaranteed to be in one spot - the To: address (which comes from the envelope-from address of the original message).
For this to work, when Discourse sends a message, it needs to receive the reply to the address from which it came. Discourse looks in the To: header for this (not the envelope-to).
is spoofing the gmail domain
If you want to send mail from a gmail address, you need to send it via their servers. But they don’t like that.
Doesn’t look like you’ve configured DKIM for yyy.com; you should do that. If you get that right, DMARC should pass.