From b45332b5f7e6ab7c4a0c648d3b5abbe824e4cfa1 Mon Sep 17 00:00:00 2001 From: justin Date: Fri, 19 Jun 2026 08:38:35 -0500 Subject: [PATCH] infra(cron): nightly mail-reputation snapshot (pw-mail-reputation) Runs mail_reputation_monitor --alert at 06:10 UTC, piping the day's postfix log (sudo cat, same pattern as pw-warmup-tg-alert) into the DB-connected workers container. Builds the daily SNDS-equivalent reputation trend and Telegram-alerts on operator regressions. Installed to /etc/cron.d/pw-mail-reputation. --- infra/cron/pw-mail-reputation | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 infra/cron/pw-mail-reputation diff --git a/infra/cron/pw-mail-reputation b/infra/cron/pw-mail-reputation new file mode 100644 index 0000000..7b186c2 --- /dev/null +++ b/infra/cron/pw-mail-reputation @@ -0,0 +1,12 @@ +# Nightly mail-reputation snapshot. Parses the day's postfix log and upserts +# per-IP/per-receiving-operator delivery outcomes into mail_reputation_daily, +# giving an SNDS-equivalent reputation trend (accepted% / throttled% / reputation- +# reject%) WITHOUT any provider login. --alert sends a Telegram warning if a big +# operator regresses (>=10% reputation rejects, or Microsoft >=70% throttled). +# +# The host owns /var/log/mail.log (root) but the DB is only reachable inside the +# docker network, so we `sudo cat` the log (deploy has NOPASSWD sudo, same as the +# warmup-tg-alert cron) and pipe it into the DB-connected workers container. +# Runs at 06:10 UTC (before the 06:30 scrub + the 07:00-08:00 campaign builders) +# so it captures the full prior day before logrotate. +10 6 * * * deploy { sudo cat /var/log/mail.log /var/log/mail.log.1 2>/dev/null; sudo zcat /var/log/mail.log.2.gz 2>/dev/null; } | (cd /opt/performancewest && docker compose exec -T workers python3 -m scripts.mail_reputation_monitor --alert -) >> /var/log/pw-mail-reputation.log 2>&1