bob B via Mailman-users writes:
If I set the dmarc to "replace with list address". the same message gets shunted.
If you can't allow the public suffix list (PSL) to be refreshed occasionally, it's cached by mailman/rules/dmarc.py, so you can prime the cache yourself. The file is $var_dir + "public_suffix_list.dat". var_dir and the cache lifetime are set in mailman.cfg. See section [dmarc], variable "cache_lifetime". The value should be a positive integer, with optional suffix from "dhms" with interpretation days, hours, minutes, seconds. (I think you can combine them as in 1h30m, but for this purpose a 10-digit number with any suffix should do.)
If the section or value is missing, just insert it yourself so it looks like
[dmarc] cache_lifetime: 1000000000s
Not sure why it is trying to contact publicsuffix.org?
The PSL (according to the home page of publicsuffix.org) is
A "public suffix" is one under which Internet users can (or
historically could) directly register names. Some examples of
public suffixes are .com, .co.uk and pvt.k12.ma.us. The Public
Suffix List is a list of all known public suffixes.DMARC processing is quite burdensome for the DNS system, because it iterates up the chain of superdomains for the from address, looking for _dmarc.$domain each time, only stopping at the toplevel domain. Since each mail domain decides its own DMARC policies, and the public suffixes are (almost by definition) not mail domains, the PSL is an extremely useful and accurate heuristic.
The savings can be large. For mydomain.pvt.k14.ma.us, with the public suffix list I check only mydomain.pvt.k14.ma.us, and if it fails I conclude there is no DMARC policy for mydomain. Without the PSL, DMARC requires looking at _dmarc.pvt.k14.ma.us, _dmarc.k14.ma.us, _dmarc.ma.us, and _dmarc.us, as well -- *all of which will fail because the suffixes are not mail domains*. The PSL saves 80% of the requests. That's an extreme example, but most countries do have similarly deep public suffixes, and most Internet domains hang off of names at least two deep like co.uk.
Steve