Reliable Linux Server Alerts with Mailgun
This post was written and contributed by Major Hayden, Principal Architect at Rackspace.
Today's multi-cloud world allows for lots of flexibility, but infrastructure sprawl creates serious challenges for email delivery. Mailgun customers already know how it can help them send critical business emails, such as receipts, newsletters, and promotions. What about all of those other emails that servers need to send when something goes wrong?
Servers often need to send out an alert via email when something goes wrong or when an administrator needs to be aware of a change. For example, most cron job failures end up creating emails that are shipped to someone on the system. These emails often fall into the
root user's mailbox.
For some servers,
root's mailbox is a black hole because the account isn't configured to forward email elsewhere. For others, a system administrator might configure another address to receive the
root user's email. Getting that email delivered outside the server is challenging in cloud environments for many reasons:
- Many IP addresses on cloud platforms are already in email blacklists
- Reverse DNS isn't always configured correctly by adminstrators in cloud environments
- Maintaining SPF records for constantly fluctuating environments is difficult
- Distributing DomainKeys configurations reliably is also difficult
- Some alert emails may be dropped into spam folders due to their content, despite getting everything right in the mail server configuration
- Some cloud providers block outbound connections on common SMTP ports (like 25, 465, and 587)
Mailgun can deliver these important emails reliably on almost every system with internet access. Common MTA's like postfix or sendmail can connect to Mailgun's SMTP Relay service and send email with very little configuration. In addition, all of that email can be delivered securely with SSL/TLS.
I've made this process a little easier by creating an Ansible role called ansible-mailgun that will install postfix and configure it to use Mailgun as an SMTP relay. The role can be easily added to any existing Ansible playbook:
- name: Deploy Mailgun SMTP configuration hosts: all vars: - mailgun_username: (mailgun_smtp_username) - mailgun_password: (mailgun_smtp_password) - root_forward: firstname.lastname@example.org roles: - ansible-mailgun
There are only three variables to configure for the role to work. First, the mailgunusername_ and mailgunpassword_ appear in the Mailgun dashboard for each domain under the Domain Information heading. The rootforward_ variable should be set to an email address that can receive the email for the
root user on each server.
Here's how it works when an alert email is generated on one of the servers with the
ansible_mailgun role applied:
- The alert email is dropped into the postfix's delivery queue for root
- Postfix connects to Mailgun via SMTP to forward the email (the address configured as rootforward_ in the Ansible role)
- Mailgun delivers the email to the user who is configured to receive
This mail delivery path ensures that your alerts are delivered reliably, no matter where they're generated.