From 545e6f7ed77f1df677d903383f9a64649320c5ec Mon Sep 17 00:00:00 2001
From: justin <justin@liquidator.optimal-reality.com>
Date: Thu, 18 Jun 2026 17:41:07 -0500
Subject: [PATCH] infra(mail): consolidate sending IPs (kill snowshoe) now that
 DKIM is fixed

The multi-IP rotation was built to spread risk while DKIM was broken (fixed
2026-06-17) and after the May 30-31 over-volume blast. With DKIM signing
correctly, spreading ~3k trucking msgs/day across 12 IPs (.94-.105) + ~1.2k
healthcare msgs/day across 3 IPs (.107-.109) gave each IP far too little
per-receiver volume to build reputation. Gmail/Outlook read it as snowshoe spam
and reputation-blocked ~200 msgs/day ("very low reputation of the sending
domain") -> 0 human clicks, 0 sales.

Consolidate to ONE IP per stream so each accrues real reputation:
 - trucking: pw-mta-warmup ALL=(out05) -> randmap collapses to {out05:} = .94
 - healthcare: listmonk-hc SMTP servers 2/3 (ports 2527/2528 -> .108/.109)
   disabled in DB; all HC mail now egresses .107 (hcmta01). [applied live]

Applied live: transport_maps now randmap:{out05:}; listmonk-hc restarted.
To re-expand later: add transports back to ALL + re-enable the HC SMTP servers.
---
 infra/postfix/pw-mta-warmup.sh | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/infra/postfix/pw-mta-warmup.sh b/infra/postfix/pw-mta-warmup.sh
index 0245652..53eb42a 100755
--- a/infra/postfix/pw-mta-warmup.sh
+++ b/infra/postfix/pw-mta-warmup.sh
@@ -26,9 +26,16 @@ POSTFIX=/usr/sbin/postfix
 
 # Rotation transports. .90 is Yahoo-dedicated, not in rotation. out02/03/04
 # (.91/.92/.93) were reputation-torched by the May 30-31 over-volume blast and
-# are retired. Warmup starts at fresh out05 (.94).
-ALL=(out05 out06 out07 out08 out09 out10 out11 \
-     out12 out13 out14 out15 out16 out17 out18 out19 out20)
+# are retired.
+#
+# CONSOLIDATED 2026-06-18: the multi-IP snowshoe rotation was built to spread
+# risk while DKIM was broken (fixed 2026-06-17). With DKIM signing correctly,
+# spreading ~3k msgs/day across 12 IPs gave each IP too little per-receiver
+# volume to build reputation -> Gmail/Outlook flagged it as snowshoe spam
+# ("very low reputation of the sending domain"). We now concentrate the entire
+# trucking stream on ONE warm IP (out05 = .94) so it accrues real reputation.
+# To re-expand later, add transports back to ALL and bump the schedule below.
+ALL=(out05)
 
 if [ "${1:-}" = "--start" ]; then
   date +%s | sudo tee "$STATE" >/dev/null