✉Alerts & Notifications - SMTP Relay✉#
992 words | 13 min read
I run various services on my network, including - as you may have shrewdly deduced by now - Bacula.
I needed a way to send email alerts and notifications on the status of the various services - especially if any of my backups failed.
I could configure emails to be sent through GMail or my ISP (or any other provider that allows this). But doing this for each service is cumbersome. And if I ever change the password for my GMail account - there are multiple places where I will also have to change the password.
Another option would be to set up my own SMTP server. But an SMTP server requires a domain name, static IP address that’s not blacklisted, and properly configured DNS for both email routing as well as anti-spam/spoofing etc. I wasn’t sure I wanted to take this on.
And Thanks to my ISP, I don’t have a static IP address (even on IPv6) anyway. And buying one is too expensive for what I need. I didn’t want to rent a VPS either, which would have been cheaper, but I’d have to find one that didn’t block the SMTP port(s) and I’d still have to deal with the configuration and maintenance of an SMTP server.
After weighing all these, I decided to set up an SMTP relay (aka MTA) in my network that will accept emails from machines on my network, and send it through one of my email accounts (GMail, ISP etc.).
This way, there is no need for a static IP address or any of the other major requirements. I only need to configure the server within my network to accept emails (only from within my network), and to relay it to another server, with the required authentication credentials. This makes it the only way that emails will leave my network. And in case of changing my email password, this will be the only place where I will need to change it.
There are a number of choices when it comes to SMTP servers on Linux, but the ones I considered were
Sendmail: This ships standard on most Linux distributions. It’s the original Grand-daddy of SMTP servers. It’s been around for quite some time, and it works.
Exim: This is another good option for our purposes. But it does not appear to be as widely used as some of the other MTAs.
Postfix: This is a (relatively speaking) newer software. It has a more modular structure (compared to Sendmail). And it supposedly consumes fewer resources than Sendmail (but I have no direct knowledge of this).
Eventually, I decided on setting up Postfix. I decided to use server01 for this, and to set it up to relay to my Gmail account. I configured it to only accept emails from my network. So, I chose not to configure any additional authentication for sending emails.
Let’s look at the steps to install and configure Postfix for sending email alerts and notifications.
1. Install Postfix#
Install the Postfix SMTP server on server01
sudo apt install -y postfix libsasl2-modules
Note
We skipped the Postfix configuration when installing Bacula. So, this step may not be required if you followed the Bacula installation steps from my earlier posts.
2. Configure Postfix#
During the package installation, you will be prompted for these settings automatically. Otherwise, use dpkg-reconfigure as shown below
sudo dpkg-reconfigure postfix
2.1. Enter Configuration Parameters#
Choose “Internet with smarthost”
Enter “server01.example.com” as the “System Name” (Be sure to use your FQDN)
Enter “[smtp.gmail.com]:465” as the SMTP relay host
Enter something like “root@server01.example.com” for the “Recipient for root and postmaster mail”.
For “Other destinations to accept mail for”, enter the relevant domain names such as “server01.example.com, server01, example.com”
Select “No” for forcing synchronous updates on mail queue
Specify the network CIDRs for which mail should be accepted by this server. e.g. “127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24”
Leave the default mailbox size unchanged
Leave the local address extension character unchanged
Select “all” for the protocols to use (unless you want to only use IPv4 or IPv6)
This should create the /etc/postfix/main.cf with the parameters that we entered. This should configure the server to accept emails for your domain, and from computers in your network.
2.2. Generate the Gmail app password#
Login to your Gmail account, and select “Manage your Google account” from your profile picture at the top right corner,
Then, select “Security” from the left menu.
Next search for “app passwords” in the search bar at the top.
Then create an app password for “Postfix SMTP Server” (or whatever else you want to call it).
2.3. Configure Postfix with the Gmail ID and password#
Here we are going to configure the Postfix server to send emails using our Gmail account.
Edit /etc/postfix/sasl_passwd and enter the following (substituting your userID and the correct App password):
[smtp.gmail.com]:465 [email protected]:app_password
Hint
Remove any spaces from the Google App password before using it in Postfix
2.4. Generate the hash for the sasl_passwd#
sudo postmap /etc/postfix/sasl_passwd
2.5. Secure the password files#
sudo chown root:root /etc/postfix/sasl_passwd*
sudo chmod 0400 /etc/postfix/sasl_passwd*
2.6. Add additional parameters to use SSL and the sasl_passwd#
Edit the /etc/postfix/main.cf and add the following parameters:
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=secure
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtp_tls_wrappermode = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
3. Restart Postfix#
sudo systemctl restart postfix
4. Test emailing with the newly configured server#
I prefer using the s-nail client since it provides a few more options - including specifying the SMTP server.
4.1. Install s-nail#
Install s-nail on each machine where you want to have email alerts (e.g. server01, db01 and ws01).
sudo apt install s-nail
4.2. Test emailing from the command line#
Run the following command on each machine where you want to test emailing
echo "This is a test email" | /usr/bin/s-nail -S v15-compat -Smta=smtp://server01.example.com -S smtp-auth=none -s "Test Email" [email protected]
If you successfully received emails at dest_email@domain.com, you are ready to configure your other services (e.g. Bacula) to send emails using the newly configured Postfix server
5. Configure Email Alerts In Bacula#
5.1. Define the Messages block#
Add a section similar to the following, in /etc/bacula/bacula-dir.conf
Messages {
Name = "JobStatusEmail"
mailcommand = "/usr/bin/s-nail -S v15-compat -Smta=smtp://server01.example.com -S smtp_auth=none -s 'Bacula %n %l %e' %r"
Mail = [email protected] = all
console = all, !skipped, !saved
}
5.2. Configure each job to send emails using this new Messages definition#
Add the following line to each job definition in /etc/bacula/bacula-dir.conf
Hint
You can also add this to the “JobDefs” section and allow it to be inherited by every job.
Messages = JobStatusEmail
Tip
Once the novelty of getting email alerts for every job wears off, you can configure Bacula to only send alerts when errors occur, by changing the “Mail” line to “MailOnError” as shown below:
MailOnError = dest_email@domain.com = all
Comments
Comments powered by giscus, use a GitHub account to comment.