Help:Email in Cloud VPS

This page contains information on best practices for managing email in Cloud VPS.

We use the word email here as a way to refer to the several protocols involved in modern and secure email exchange (SMTP, SPF, DKIM, DMARC, POP, IMAP, etc).

There are some considerations you need to take into account when planning to use these emails protocols inside Cloud VPS.

Best practices

A collection of best practices.

The Cloud VPS mail servers are primarily intended for transactional mail from applications running in Cloud VPS. You must receive approval from the Cloud VPS admin team before using the Cloud VPS mail servers to send bulk mail.

Using Cloud VPS SMTP servers

All Cloud VPS VMs have a mail relay running, so in most cases you can set the SMTP host to localhost and port to 25. Those are set to relay mail via mx-out-a.wmcloud.org and mx-out-b.wmcloud.org.

Not using our SMTP relay servers when using a Cloud VPS sender address can result in SPF errors in the destination smtp server refusing your emails. Gmail for example will reject all inbound messages that fail SPF verification.

All outbound mail from Cloud VPS must be either sent via the Cloud VPS SMTP relays or from an instance with a public floating IP address allocated. In other words, the network edge will reject outbound mail sent from private IPv4 addresses instead of applying the usual source NAT.

Select a From address from Cloud VPS domain

If you send emails from a software running inside Cloud VPS, use a From: address that belongs to a Cloud VPS domain (such as wmcloud.org).

The Cloud VPS relay servers have an explicit allowlist of domains they will relay mail for. If you need to use some other domain, it will either need to be added to the relay server configuration, or you will need to run your own mail server with its own public IP address. In any case, contact the Cloud VPS admin team to discuss your options. Subdomains of Cloud VPS domains are also not included on the list by default.

Use a Reply-To address that you monitor

You should set the Reply-To: header to an address you control, so that you will receive any bounce messages generated from your mails.

Properly identify your emails as automated

Set the Auto-Submitted: auto-generated header on your outbound mail to suppress vacation responses and similar noise.

Examples

TODO: write an example email

Communication and support

Support and administration of the WMCS resources is provided by the Wikimedia Foundation Cloud Services team and Wikimedia movement volunteers. Please reach out with questions and join the conversation:

Discuss and receive general support

Chat in real time in the IRC channel #wikimedia-cloud ^connect or the bridged Telegram group
Discuss via email after you have subscribed to the cloud@ mailing list

Stay aware of critical changes and plans

Subscribe to the cloud-announce@ mailing list (all messages are also mirrored to the cloud@ list)
Read the News wiki page

Track work tasks and report bugs

Use a subproject of the #Cloud-Services Phabricator project to track confirmed bug reports and feature requests about the Cloud Services infrastructure itself

Read stories and WMCS blog posts

Read the Cloud Services Blog (for the broader Wikimedia movement, see the Wikimedia Technical Blog)