hc-email: prod listmonk_hc installed + 3 SMTP servers + rampcap cron; end-to-end validated to Gmail via .107-.109

docs/healthcare-email-stream-plan.md

@@ -257,11 +257,37 @@ Committed and validated on dev:
    `.107/.108/.109` explicitly and ends `-all` (only 2 DNS-lookup mechanisms,
    `a mx` — safe under the 10 limit). DKIM selector `mail` published (2048-bit).
    DMARC `p=quarantine; pct=100; rua=dmarc@`. All domain-level, no change needed.
-3. **Install on prod**: create `listmonk_hc` DB + `--install`, configure its 3
-   SMTP servers (commands in deploy.sh header), run `hc_stream_setup.sh` on the
-   prod MTA, install `pw-hc-rampcap` cron.
-4. **Verify identity** with mail-tester / aboutmy.email from an hc IP (PTR + SPF
-   + DKIM + DMARC all pass) BEFORE importing the list.
+3. **Install on prod** — ✅ **DONE 2026-06-06.**
+   - Postfix hc stream already live on the app host (Postfix is co-located):
+     ports `2526/2527/2528` → `content_filter=hcout1/2/3:` → `smtp_bind_address`
+     `.107/.108/.109` + HELO `hcmta01/02/03`. Verified in master.cf.
+   - `listmonk_hc` DB existed (owner `pw`, was empty); ran
+     `docker compose run --rm --entrypoint /bin/sh listmonk-hc -c
+     './listmonk --install --idempotent --yes --config /listmonk/config.toml'`
+     → 16 tables, superadmin `api` created. `docker compose up -d listmonk-hc`
+     → container Up, `:9101` → 200.
+   - **3 SMTP servers configured directly in the `listmonk_hc.settings` table**
+     (the env-installed admin is a UI user, not an API-token user, so the REST
+     API rejects basic-auth; DB update is the clean path). Each points at
+     `172.18.0.1:2526/2527/2528` (docker bridge gateway → host Postfix hc ports),
+     `auth_protocol=none`, `tls_type=none`, `max_conns=2`,
+     `hello_hostname=hcmta0N`. Restart loaded "3 SMTP messengers".
+   - **End-to-end validated:** submitted one probe through each of 2526/2527/2528;
+     maillog shows each routed via its own `hcout1/2/3`, established a **Trusted
+     TLS connection to gmail-smtp-in.l.google.com:25**, and got a genuine Gmail
+     `550-5.1.1 NoSuchUser` (expected for the dummy recipient) — i.e. **no
+     PTR/SPF/reputation rejection**, FCrDNS accepted from all 3 hc IPs.
+   - ✅ `pw-hc-rampcap` installed at `/usr/local/bin/` + `/etc/cron.d/pw-hc-rampcap`
+     (daily 07:20, mirrors the trucking rampcap). The hc warmup stamp
+     `/etc/postfix/hc-warmup-start` exists (created by `hc_stream_setup.sh`), so
+     the ramp is on **day 0 → cap 100/h** (sliding window, 1h). Ramps to 1000/h
+     by day 10. Nothing sends until a list is imported.
+4. **Verify identity** — ⚠️ **PARTIAL.** The live-send probes already prove Gmail
+   accepts mail from `.107/.108/.109` with no PTR/SPF/reputation rejection (only
+   the dummy-recipient `550 NoSuchUser`). Still worth a **mail-tester.com /
+   aboutmy.email** run from an hc IP (send to their probe address through
+   listmonk-hc) to confirm the numeric score (DKIM-signed, DMARC aligned, content
+   spamassassin score) BEFORE the first real batch. Not started.
 5. **Free MX+SMTP verify** the institutional CSV on a non-sending IP, import the
    verified file into listmonk-hc, send small focused batches (overdue-first).