| | 1 | = Mail Abuse = |
| | 2 | |
| | 3 | See also [wiki:email-deliverability-status]. |
| | 4 | |
| | 5 | Mail sent to `abuse -@- mayfirst -.- org` is delivered to the abuse-collector user on octavia. |
| | 6 | |
| | 7 | A cron job runs regularly to parse incoming email using the bash script `parse-incoming-mail`. This script first deletes all archived email older than a year. Then it extracts the IP address that sent each message in the inbox using `parse-ip` and moves the email message into the email-archive folder, filed under a sub-directory named for the IP address that sent it. |
| | 8 | |
| | 9 | `mf-monitor-abuse-email` monitors the email archive directory to see whether any IP address has recorded more than 100 reports in the last 2 days (warning) or more than 1,000 (critical), and alerts nagios. |
| | 10 | |
| | 11 | The IP check is the baseline check. |
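
The per-IP threshold check described above, sketched as an added example (this is not the project's `mf-monitor-abuse-email`). It assumes the archive layout is `<archive>/<sending-ip>/<one file per report>`, that a report's age is its file modification time, and that results are reported with the standard Nagios plugin exit codes; the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not the project's mf-monitor-abuse-email.
# Assumed layout: <archive>/<sending-ip>/<one file per abuse report>.
# Assumption: a report's age is taken from the file's modification time.

# count_recent_reports DIR DAYS -> number of files in DIR modified in the last DAYS days
count_recent_reports() {
  find "$1" -maxdepth 1 -type f -mtime "-$2" | wc -l | tr -d ' '
}

# check_abuse_archive ARCHIVE [WARN] [CRIT] [DAYS]
# Prints one Nagios-style status line and returns the plugin exit code:
# 0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN.
check_abuse_archive() {
  local archive=$1 warn=${2:-100} crit=${3:-1000} days=${4:-2}
  local worst_ip="" worst=0 dir ip n

  if [ ! -d "$archive" ]; then
    echo "UNKNOWN: archive directory $archive not found"
    return 3
  fi

  for dir in "$archive"/*/; do
    [ -d "$dir" ] || continue          # glob matched nothing: empty archive
    ip=$(basename "$dir")
    n=$(count_recent_reports "$dir" "$days")
    if [ "$n" -gt "$worst" ]; then     # remember the busiest IP only
      worst=$n
      worst_ip=$ip
    fi
  done

  if [ "$worst" -gt "$crit" ]; then
    echo "CRITICAL: $worst_ip has $worst abuse reports in the last $days days"
    return 2
  elif [ "$worst" -gt "$warn" ]; then
    echo "WARNING: $worst_ip has $worst abuse reports in the last $days days"
    return 1
  fi
  echo "OK: no IP above $warn abuse reports in the last $days days"
  return 0
}
```

Reports older than the window stay in the archive (until the yearly cleanup) but do not count toward the thresholds, so an IP that was noisy last month does not keep the alert raised.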
| | 12 | |
| | 13 | In addition, further parsing is done to gain a better understanding of who is responsible for the email. That parsing is done with the `analyze-message` script, which attempts to identify who sent the spam message. If it can make an accurate assessment, it creates a symlink to the original message in the analyzed-messages directory (with a sub-directory for each sender). |
| | 14 | |
| | 15 | Lastly, the `abuse-stats` script offers a summary of the results and can be run any time to get a sense of where the abuse emails are coming from. |
| | 16 | |
| | 17 | == To Do == |
| | 18 | |
| | 19 | Set up automatic email forwarding to email addresses associated with IP addresses or senders. |
| | 20 | |
| | 21 | |