infra(mail): remove 18 dormant snowshoe IPs from postfix + host
Consolidate the outbound mail footprint to match the SPF intent (already
trimmed to .94/.107 on 2026-06-19). A 20-IP sending footprint reads as
snowshoe spam to receivers and was contributing to domain-reputation
throttling (Microsoft 451 4.7.500, Gmail low-reputation).
Removed from /etc/postfix/master.cf: transports yahooslow, out02-04,
out06-20, rehab02-04, HC submission ports 2527/2528, hcout2/hcout3.
Removed from /etc/network/interfaces (+ live ip addr del): host bindings
.90-.93, .95-.106, .108-.109. Kept: .94 (trucking/out05), .107 (HC/hcout1),
.71/.72 (infra).
Verified live: postfix check OK, both streams still status=sent post-change,
SSH session on .71 unaffected, transport_maps still routes via out05.
Snapshots: infra/postfix/live-snapshots/master.cf, infra/network/interfaces.
Live backups on server: /root/{master.cf,interfaces}.bak_snowshoe_*.
This commit is contained in:
justin
parent
14357a0223
commit
9dd6f53eb2
3 changed files with 235 additions and 3 deletions
28
infra/network/interfaces
Normal file
28
infra/network/interfaces
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
# This file describes the network interfaces available on your system
|
||||
# and how to activate them. For more information, see interfaces(5).
|
||||
|
||||
source /etc/network/interfaces.d/*
|
||||
|
||||
# The loopback network interface
|
||||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
# The primary network interface
|
||||
allow-hotplug ens18
|
||||
iface ens18 inet static
|
||||
address 207.174.124.71/23
|
||||
address 207.174.124.72/23
|
||||
# Mail sending IPs (consolidated 2026-06-23 to remove snowshoe footprint):
|
||||
# .94 = mta05 -> trucking stream (out05)
|
||||
# .107 = hcmta01 -> healthcare HOT stream (hcout1)
|
||||
# The dormant rotation pool (.90-.93, .95-.106, .108-.109 / mta01-20,
|
||||
# hcmta02-03) was removed: a 20-IP footprint reads as snowshoe spam and
|
||||
# hurt domain reputation. To re-expand later, re-add the address lines
|
||||
# here + the postfix transports (master.cf) + BOTH SPF records, SLOWLY
|
||||
# (one IP at a time, days apart, only after Postmaster Tools shows green).
|
||||
address 207.174.124.94/23
|
||||
address 207.174.124.107/23
|
||||
gateway 207.174.124.1
|
||||
# dns-* options are implemented by the resolvconf package, if installed
|
||||
dns-nameservers 8.8.8.8 8.8.4.4
|
||||
dns-search performancewest.net
|
||||
Loading…
Add table
Add a link
Reference in a new issue