= Mail Abuse = See also [wiki:email-deliverability-status]. Mail sent to `abuse -@- mayfirst -.- org` is delivered to the abuse-collector user on octavia. A cron job runs regularly to parse incoming email using the bash script `parse-incoming-mail`. This scripts first deletes all archived email older than a year. Then, it extracts the IP address that sent each message in the in box using `parse-ip` and then moves the email message into the email-archive folder, filed under a sub-directory named by the IP address that sent it. The `mf-monitor-abuse-email` monitors the archive email directory to see if any IP addresses records more than 100 reports in the last 2 days (warning) or more than 1,000 (critical) and alerts nagios. The IP check is the base line check. In addition, there is additional parsing to gain a better understanding of who is responsible for the email. That parsing is done with the `analyze-message` script. This script attempts to identify who sent the spam message. If it can make an accurate assessment, it creates a symlink to the original message in the analyzed-messages directory (with a sub-directory for each sender). Lastly, the `abuse-stats` script offers a summary of the results and can be run any time to get a sense of where the abuse emails are coming from. By default it prints the stats for all email received in the last 365 days. You can pass an integer as the first argument to limit the stats to the last N days (e.g. `./abuse-stats 30` to see stats for the last 30 days). == To Do == Setup automatic email forwarding to email addresses associated with IP addresses or senders.