Configuring mail forwarding for the root
user
- WHAT?
This article describes how to configure mail forwarding for the
root
user.- WHY?
Enable mail forwarding for the
root
user to get information about system events.- EFFORT
It should not take longer than five minutes to configure mail forwarding.
- REQUIREMENTS
A network connection
A remote e-mail account that reliably receives messages
root
orsudo
privileges
1 Introduction #
System daemons, cron
jobs, systemd
timers, and
other applications can generate e-mails and send them to the root
user of the system.
These messages can contain security-relevant reports and incidents that might require a
quick response by the system administrator.
By default, each user account owns a local mailbox and will be notified about new mail
messages upon login. To get notified about the messages sent to root
in a timely
fashion, it is recommended to forward these mails to a dedicated remote e-mail account that
is regularly checked.
2 Configuring root
mail forwarding with YaST #
The following procedure describes how to configure mail forwarding for the root
user
to a dedicated remote e-mail account.
root
mail forwarding with YaST #Install the yast2-mail package:
>
sudo
zypper in yast2-mail
Run the interactive YaST mail configuration:
>
sudo
yast mail
Choose
as and proceed with .Enter the address of the
. If necessary, configure . It is strongly recommended to to prevent potentially sensitive system data from being sent unencrypted over the network. Proceed with .Enter the e-mail address to
and the configuration.Important: Do not accept remote SMTP connectionsDo not enable , otherwise the local machine will act as a mail relay.
Send a message to test whether the mail forwarding works correctly:
>
mail root
subject: test test .Check the remote e-mail account for new messages. Your test message should arrive within minutes.
3 What's next? #
Depending on the number of managed machines and the number of persons who need to be informed about system events, different e-mail address models can be established:
Collect messages from different systems in an e-mail account that is only accessed by a single person.
Collect messages from different systems in a group e-mail account (aliases or mailing list) that can be accessed by all relevant persons.
Create separate e-mail accounts for each system.
It is crucial that administrators regularly check the related e-mail accounts. To facilitate this effort and identify important events, avoid sending unnecessary information. Configure applications to send only relevant information.
4 Troubleshooting #
If the test message sent in
Procedure 1, “Configure root
mail forwarding with YaST” does not
arrive, perform the following steps to analyze the problem.
- Is the
postfix
daemon running? Check if the
postfix
daemon is running withsystemctl status postfix.service
. If the service is down, the output includes additional information on the cause of the problem.- Has the test message been sent?
Use the
mailq
command to verify that the test message from Step 6 has been sent. Upon success, the queue should be empty.- Is the outgoing mail server resolved correctly?
Check that the system resolves the mail server of the remote e-mail account correctly. Run
host -t mx example.com
(where example.com is the domain of the e-mail account configured in step 5).- Can you reach the outgoing mail server?
Verify you can ping the mail server with
ping -c 5 mail.example.com
(where mail.example.com is the host name of the mail server returned by thehost
command in the previous step).- Does the test message still not arrive?
If
mailq
reports the message has been sent successfully, the problem must be on the receiving end. Check the configuration of the remote e-mail account and its spam folder.
5 Legal Notice #
Copyright© 2006–2024 SUSE LLC and contributors. All rights reserved.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”.
For SUSE trademarks, see https://www.suse.com/company/legal/. All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its affiliates. Asterisks (*) denote third-party trademarks.
All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors, nor the translators shall be held liable for possible errors or the consequences thereof.