Notification mail in linux?
-
I need some understanding about how mail works in linux. What I'm trying to figure out is how to have the system, the daemons and any scripts use email notifications and actually have those delivered to a real email address.
I have a couple of questions but I don't know if they are the right questions to actually be asking.
- Often you have something like exim installed but it's by default set up to be completely local from what I've seen. Would you use exim or do you need to install something else? Is there a "best practice" tool?
- What daemons or services send notification type mail to root (or some other user)? Or does that happen only if you explicitly configure something? Is there a default admin address to send system mail to or is that root?
- How would you go about having those notification mails forwarded to a real email address using an external SMTP server?
- Also when sending mail from the shell I know you can use `mail` but there are other utilities too. What is happening behind the scenes when using `mail`? Is that the same mechanism that daemons would use for sending mail?
-
Or is email perhaps not a good way to get notifications when there is a problem?
Maybe email in this manner is old-skool and it would be better to use something else?
Like external log server, system monitoring (Zabbix) perhaps?
-
I'm pretty sure you want to use `mailx` which is the default for many systems. That should get you what you need.
-
Mail on linux by default will go to a local user (usually root) which is stored locally on the system. This is the default store which is usually at `/var/mail/$USER` (of course this varies based on what distro of linux you're using).
-
@Pete-S said in Notification mail in linux?:
- How would you go about having those notification mails forwarded to a real email address using an external SMTP server?
I send everything to a postfix relay that then sends it on to O365 (work) or Gmail (personal).
I use ZeroTier on all the devices to enable me to send SMTP direct to the IP.
Example dnf-automatic:
The address `10.224.0.107` is the ZeroTier IP address of the postfix relay running in my colo.
-
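A Postfix configuration sketch for the relay arrangement described in the post above, as an added example that is not part of the original thread or the poster's own configuration. The provider hostname `smtp.example.com`, the address `admin@example.com` and the `10.224.0.0/24` subnet are assumptions; only `10.224.0.107` comes from the post.

```ini
# ===== Sending host: /etc/postfix/main.cf =====
# Postfix does not allow trailing comments, so every comment has its own line.
# Accept mail only from local processes (cron, daemons, scripts).
inet_interfaces = loopback-only
# Hand all non-local mail to the relay; brackets disable the MX lookup.
relayhost = [10.224.0.107]:25

# ===== Sending host: /etc/aliases (run "newaliases" after editing) =====
# Forward root's notification mail to a real mailbox (constructed address):
#   root: admin@example.com

# ===== Relay host: /etc/postfix/main.cf =====
# Listen on the private overlay address and loopback only, never on a
# public interface.
inet_interfaces = 10.224.0.107, 127.0.0.1
# Only these networks may relay. The /24 is an assumed subnet.
mynetworks = 127.0.0.0/8, 10.224.0.0/24
# Anything not from mynetworks and not addressed to this host is refused,
# which keeps the box from becoming an open relay.
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

# Upstream provider submission endpoint (placeholder hostname).
relayhost = [smtp.example.com]:587
# Require TLS to the provider. "may" would silently fall back to cleartext
# and expose the SASL password.
smtp_tls_security_level = encrypt
# Authenticate to the provider with credentials kept outside main.cf.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Refuse anonymous mechanisms. Plaintext mechanisms are acceptable here
# only because TLS is enforced above.
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

# ===== Relay host: /etc/postfix/sasl_passwd =====
# One line, same bracketed form as relayhost (constructed credentials):
#   [smtp.example.com]:587 relay-user:app-password
# Then: chmod 600 /etc/postfix/sasl_passwd && postmap /etc/postfix/sasl_passwd
```

After reloading Postfix on both hosts, a message sent to root on the sending host should show `relay=10.224.0.107` in its mail log and a TLS-protected, authenticated delivery in the relay's log.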
@Pete-S said in Notification mail in linux?:
Or is email perhaps not a good way to get notifications when there is a problem?
Maybe email in this manner is old-skool and it would be better to use something else?
Like external log server, system monitoring (Zabbix) perhaps?
Yeah I would use SIEM. Then you'd create and manage your alerts from there. You could send to email, slack, etc.
You can use postfix for alerting as JB mentioned. I use postfix on my personal servers because I don't manage enough to justify a SIEM.
-
@Pete-S said in Notification mail in linux?:
Often you have something like exim installed but it's by default set up to be completely local from what I've seen. Would you use exim or do you need to install something else? Is there a "best practice" tool?
I, and everyone that I know, default to using Postfix for this. Not because it's better or worse, it's just way better known in the industry and gets the most attention and it's what we all know how to work on.
-
@Pete-S said in Notification mail in linux?:
Or is email perhaps not a good way to get notifications when there is a problem?
Maybe email in this manner is old-skool and it would be better to use something else?
Like external log server, system monitoring (Zabbix) perhaps?
I agree here. It's good to know how mail could work, and sometimes you might want it, but for real alerts we use something more robust. If the server fails, it likely won't be able to email you.
-
@IRJ said in Notification mail in linux?:
@Pete-S said in Notification mail in linux?:
Or is email perhaps not a good way to get notifications when there is a problem?
Maybe email in this manner is old-skool and it would be better to use something else?
Like external log server, system monitoring (Zabbix) perhaps?
Yeah I would use SIEM. Then you'd create and manage your alerts from there. You could send to email, slack, etc.
You can use postfix for alerting as JB mentioned. I use postfix on my personal servers because I don't manage enough to justify a SIEM.
I don’t use it for alerts. I use it for normal email notification stuff. It is all filed into a folder that is never read unless there is an issue. It is there for historical research.
For alerting, you want something not email from the server that has the problem, because odds are better than zero that it will not be able to send it.
-
-
@IRJ said in Notification mail in linux?:
@Pete-S said in Notification mail in linux?:
Or is email perhaps not a good way to get notifications when there is a problem?
Maybe email in this manner is old-skool and it would be better to use something else?
Like external log server, system monitoring (Zabbix) perhaps?
Yeah I would use SIEM. Then you'd create and manage your alerts from there. You could send to email, slack, etc.
You can use postfix for alerting as JB mentioned. I use postfix on my personal servers because I don't manage enough to justify a SIEM.
I thought that SIEM was only used for security monitoring. What SIEMs for example are we talking about for this type of application?