Upthread, I urged upgrading GNU Mailman so we got the ability to do a tailored DMARC mitigation aimed at just the asshat sending domains with p=reject or p=quarantine "strong" DMARC policies. It was late, I was tired, and I just assumed our version of Mailman (2.1.29) is too old for that feature, because there have a number of 2.1.x bugfix versions since then.

Well...

https://lists.balug.org/cgi-bin/mailman/admin/balug-announce/privacy/sender includes the desired

Action to take when anyone posts to the list from a domain with a DMARC Reject/Quarantine Policy.

...setting, and the desired option "Munge From" is already selected.

Accompanying item

Shall the above dmarc_moderation_action apply to messages From: domains with DMARC p=quarantine as well as p=reject

...is likewise present and set to "yes" as desired.

I have verified this is true of the other three balug-* lists, too.

So, DMARC damage _is_ being handled as well as MLM software can.

It still might be a good idea to look into what later packaged 2.1.x are available and feasible for this Debian release. I haven't checked the changelog, but worry that we're missing security bugfixes.