add suppression list for outgoing dmarc and tls reports

for reporting addresses that cause DSNs to be returned. that just adds noise.
the admin can add/remove/extend addresses through the webadmin.

in the future, we could send reports with a smtp mail from of
"postmaster+<signed-encoded-recipient>@...", and add the reporting recipient
on the suppression list automatically when a DSN comes in on that address, but
for now this will probably do.

dmarcdb/eval_test.go

@@ -312,7 +312,7 @@ func TestSendReports(t *testing.T) {
 
 			if optExpReport != nil {
 				// Parse report in message and compare with expected.
-				expFeedback.ReportMetadata.ReportID = feedback.ReportMetadata.ReportID
+				optExpReport.ReportMetadata.ReportID = feedback.ReportMetadata.ReportID
 				tcompare(t, feedback, expFeedback)
 			}
 
@@ -348,6 +348,18 @@ func TestSendReports(t *testing.T) {
 	evalOpt.Optional = true
 	test([]Evaluation{evalOpt}, map[string]struct{}{}, map[string]struct{}{}, nil)
 
+	// Address is suppressed.
+	sa := SuppressAddress{ReportingAddress: "dmarcrpt@sender.example", Until: time.Now().Add(time.Minute)}
+	err = db.Insert(ctxbg, &sa)
+	tcheckf(t, err, "insert suppress address")
+	test([]Evaluation{eval}, map[string]struct{}{}, map[string]struct{}{}, nil)
+
+	// Suppression has expired.
+	sa.Until = time.Now().Add(-time.Minute)
+	err = db.Update(ctxbg, &sa)
+	tcheckf(t, err, "update suppress address")
+	test([]Evaluation{eval}, map[string]struct{}{"dmarcrpt@sender.example": {}}, map[string]struct{}{}, expFeedback)
+
 	// Two RUA's, one with a size limit that doesn't pass, and one that does pass.
 	resolver.TXT["_dmarc.sender.example."] = []string{"v=DMARC1; rua=mailto:dmarcrpt1@sender.example!1,mailto:dmarcrpt2@sender.example!10t; ri=3600"}
 	test([]Evaluation{eval}, map[string]struct{}{"dmarcrpt2@sender.example": {}}, map[string]struct{}{}, nil)