Reliable Linux Server Alerts With Mailgun

This post was written and contributed by Major Hayden, Principal Architect at Rackspace.

Today’s multi-cloud world allows for lots of flexibility, but infrastructure sprawl creates serious challenges for email delivery. Mailgun customers already know how it can help them send critical business emails, such as receipts, newsletters, and promotions. What about all of those other emails that servers need to send when something goes wrong?

Servers often need to send out an alert via email when something goes wrong or when an administrator needs to be aware of a change. For example, most cron job failures end up creating emails that are shipped to someone on the system. These emails often fall into the root user’s mailbox.

For some servers, root‘s mailbox is a black hole because the account isn’t configured to forward email elsewhere. For others, a system administrator might configure another address to receive the root user’s email. Getting that email delivered outside the server is challenging in cloud environments for many reasons:

• Many IP addresses on cloud platforms are already in email blacklists 

• Reverse DNS isn't always configured correctly by administrators in cloud environments

• Maintaining SPF records for constantly fluctuating environments is difficult

• Distributing DomainKeys configurations reliably is also difficult

• Some alert emails may be dropped into spam folders due to their content, despite getting everything right in the mail server configuration

• Some cloud providers block outbound connections on common SMTP ports (like 25, 465, and 587)

Mailgun can deliver these important emails reliably on almost every system with internet access. Common MTA’s like postfix or sendmail can connect to Mailgun’s SMTP Relay service and send email with very little configuration. In addition, all of that email can be delivered securely with SSL/TLS.

I’ve made this process a little easier by creating an Ansible role called ansible-mailgun that will install postfix and configure it to use Mailgun as an SMTP relay. The role can be easily added to any existing Ansible playbook:

There are only three variables to configure for the role to work. First, the mailgunusername and mailgunpassword appear in the Mailgun dashboard for each domain under the Domain Information heading. The rootforward_ variable should be set to an email address that can receive the email for the root user on each server.

Here’s how it works when an alert email is generated on one of the servers with the ansible_mailgun role applied:

1. The alert email is dropped into the postfix’s delivery queue for root

2. Postfix connects to Mailgun via SMTP to forward the email (the address configured as rootforward_ in the Ansible role)

3. Mailgun delivers the email to the user who is configured to receive root‘s email

This mail delivery path ensures that your alerts are delivered reliably, no matter where they’re generated.