One thing I really wanted to have on my server was the ability for system packages to send mail externally. This is useful for upgrade notifications or any kind of monitoring alerts that systems may emit. One the other hand, I have better things to do than worry about a private mail server. The solution I came up with is setting up
postfix to act as an SMTP-relay, using an SMTP account at a third-party mail server for outgoing mail.
Step 1: Install
This is as simple as running
sudo apt install postfix mailutils
In the configuration prompt, select
Internet Site - not that it really matters.
Step 2: Configure
mydestination have your correct domain.
postfix where the SMTP server is:
relayhost = [smtp.yourmailprovider.com]:465
Note that the square brackets are the correct syntax to use here.
465 is the default SMTP port for SSL connections - change as appropriate.
loopback-only to ensure that your
postfix instance does not accept external connections.
Finally, add the following lines at the end to enable encryption of SMTP connections:
# SMTP Server auth settings
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_use_tls = yes
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
Step 3: Set up authentication
In the previous step we told
postfix to use
/etc/postfix/sasl/passwd as the source of SMTP credentials. Time to populate that file with the credentials. The format here is:
Once you’ve added your credentials, generate the database:
sudo postmap passwd
You can now use the
mail command to send emails from this host. They will be routed through the third party SMTP server that you’ve set up.
(Optional) Step 4: Set up
First, add your email as an alias for
root user. Edit
Save the changes and run
sudo newaliases. This ensures that any mail sent to
root user will be redirected to your actual mailbox.
/etc/apt/apt.conf.d/50unattended-upgrades. Uncomment the line that reads
Save the changes and restart the unattended upgrades service:
sudo systemctl restart unattended-upgrades
Now you will receive summaries of
unattended-upgrades from your server.