Automatically maintain suppression list of reporting addresses for outgoing DMARC/TLS reports

[mjl-]

Some domains have reporting addresses in their DMARC records but don't actually accept reports sent to those addresses. We may get a rejection immediately when we try to deliver, we may get a DSN from a later hop, or we may get a non-DSN message explaining why the message couldn't be delivered (e.g. when someone configured a private mailing list as a reporting address.

This currently results in work for the postmaster, who has to look at these messages, and add the reporting address to the reporting address suppression list. That's a chore we can automate.

We should be sending outgoing DMARC reports with a unique smtp mail from address, and keep track of the corresponding original reporting address we sent the report to. Any message coming back to this unique smtp mail from address should cause the reporting address to be added to the suppression list automatically for a period, and ideally exponentially longer if the address has been added before. The DSNs/messages we received should be marked as read so they don't cause the postmaster to look. We'll still keep them around in case the postmaster wants to investigate.

Prompted by a question from mteege.