Changes between Initial Version and Version 1 of mail-abuse

Feb 9, 2017, 12:33:59 PM (4 years ago)
Jamie McClelland



  • mail-abuse

    v1 v1  
     1= Mail Abuse =
     3See also [wiki:email-deliverability-status].
     5Mail sent to `abuse -@- mayfirst -.- org` is delivered to the abuse-collector user on octavia.
     7A cron job runs regularly to parse incoming email using the bash script `parse-incoming-mail`. This scripts first deletes all archived email older than a year. Then, it extracts the IP address that sent each message in the in box using `parse-ip` and then moves the email message into the email-archive folder, filed under a sub-directory named by the IP address that sent it.
     9The `mf-monitor-abuse-email` monitors the archive email directory to see if any IP addresses records more than 100 reports in the last 2 days (warning) or more than 1,000 (critical) and alerts nagios.
     11The IP check is the base line check.
     13In addition, there is additional parsing to gain a better understanding of who is responsible for the email. That parsing is done with the `analyze-message` script. This script attempts to identify who sent the spam message. If it can make an accurate assessment, it creates a symlink to the original message in the analyzed-messages directory (with a sub-directory for each sender).
     15Lastly, the `abuse-stats` script offers a summary of the results and can be run any time to get a sense of where the abuse emails are coming from.
     17== To Do ==
     19Setup automatic email forwarding to email addresses associated with IP addresses or senders.