Changes between Version 21 and Version 22 of email-deliverability


Ignore:
Timestamp:
Sep 19, 2017, 12:17:38 PM (2 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • email-deliverability

    v21 v22  
    11= Email Deliverability Strategies =
    22
    3 The goals of these changes are:
     3Our goals are:
    44
    55 * Prioritize sending of individual email over sending of bulk email
     
    99== Using mail.mayfirst.org ==
    1010
    11 Currently we allow people to relay mail via either their primary server or mail.mayfirst.org. We should alert people of a cut-over time and then dis-allow mail relaying via the primary server.
     11All users should set their email clients (phone and desktop) to use `mail.mayfirst.org` as the outgoing/smtp server. By focusing on one domain we can better ensure deliverability.
    1212
    13 We should also permanently assign at least three IP addresses to our two mail.mayfirst.org servers and all bulk mail servers and provide a simple script for swapping the smtp bind IP address.  See also #3237
     13When an IP address gets blocked, see [wiki:individual-mail-relay our individual-mail-relay page] for instructions on how to change the sending IP.
     14
     15== Use bulk.mayfirst.org ==
     16
     17All web sites that send bulk email (e.g. CiviCRM) should be configured to relay through bulk.mayfirst.org (assata) which will relay via our [wiki:bulk-email-relay bulk email relay servers].
     18
     19By using our bulk mail relay servers, we ensure a high volume of legitimate email which offsets bad email.
    1420
    1521== Reduce impact of forwarded spam ==
     
    1723Like most providers, we allow people to forward mail sent to their MF/PL email address to another email account. As a result, spam sent to a user's MF/PL account is also forwarded, which gives the impression that we are spammers.
    1824
    19 Although I've been opposed to any form of email censorship, I think we should make an exception in this case and filter out messages that are tagged by Spamassassin as spam and send these messages to /dev/null. We can make this policy clear in the members control panel whenever someone chooses to forward email sent to them. And we should be clear that if they want to be sure to receive all mail sent to them, they must deliver it to an MF/PL user account. See #7556.
     25See #7556 for work on a solution to this problem.
    2026
    21 == Discourage web site mail relaying via primary host ==
     27== Monitoring ==
    2228
    23 Any server in our network can relay mail via bulk.mayfirst.org, however, many web sites still send email via localhost. We should implement a policy on primary hosts that limit the number of messages our primary hosts will send to 50 per user per hour.
     29Via Nagios, we currently monitor the following:
    2430
    25 == Improved monitoring ==
     31=== mailq ===
    2632
    27 Ross' has recently completed a nagios alert to warn us when the mailq for any server goes over 100.
     33If the mailq goes over 200 messages on any server we get a warning and if it goes over 500 we get an alert.
    2834
    29 We should add:
    30  * Monitor for known mail.log strings that indicate blocking (I have a list already): #831
    31  * Checking for signs that a web site is compromised (not sure how to do this): not assigned a ticket
    32  * Check for signs on mail.mayfirst.org that a relay mail account has been compromised (e.g. certain number of messages sent per hour): not assigned a ticket
     35**What to do**
     36
     37Run `mailq` to review the messages in the queue.
     38Run `postcat -q <id>` to view the messages in the queue that look suspicious
     39Run `mf-mailq-delete <email>` to mass delete messages in the mailq that are spam
     40
     41=== blocked messages ===
     42
     43If we have more than 20 blocked messages that fit a possible pattern of spam we get a critical alert.
     44
     45**What do to**
     46
     47Run `mf-check-blocklist -b` to get a human readable report of the blocked messages.
     48
     49Scan the mail.log to determine who and why we have the problem.
     50
     51=== Email relayers ===
     52
     53If a single sasl username relays more than 100 messages in a 24 hour period we get an alert.
     54
     55**What do to**
     56
     57Run `mf-check-relayers` to see who is being reported. Try to determine if they are sending illegimate email.
     58
    3359 * Use [http://exchange.nagios.org/directory/Plugins/Security/check_dnsbl/details the check_dnsbl Nagios plugin]: #5736
    3460
    3561== Pursue bulk mailer status and apply for feedback loops for our email list servers with major mail providers ==
    36 
    37 Many providers allow us to apply for bulk mailer status. We should pursue this for assata.mayfirst.org and leslie.mayfirst.org, our two mailing list servers.
    3862
    3963See [wiki:email-deliverability-status] for current status of our bulk mail and feedback loop applications.