External mailing on FreeBSD

2012-06-06 09:06

FreeBSD’s periodic sends results for daily, weekly, and monthly runs to the root user’s local inbox using the Sendmail MTA in the base system. These messages can help one identify potential issues before they blow up, such as waning disk space or security problems.

You can have your system forward this mail to an external E-mail account, such as on GMail or a private mail server, instead of reading root’s local mbox.

To accomplish this, we’ll replace FreeBSD’s default MTA, Sendmail, with one capable of authenticating to an external SMTP server.

Stop Sendmail with service sendmail stop, then disable it permanently in rc.conf.

/etc/rc.conf 
  1. # Disable Sendmail MTA

  2. sendmail_enable="NO"

  3. sendmail_submit_enable="NO"

  4. sendmail_outbound_enable="NO"

  5. sendmail_msp_queue_enable="NO"

Install a replacement MTA, OpenBSD’s smtpd, from mail/opensmtpd. Edit smtpd.conf, configuring OpenSMTPd to listen on the local machine, map mail aliases, and deliver to local users’ mbox inboxes. With local delivery taken care of, we can add relay servers for particular domains. This example defines a relay server for GMail and for my domain using my private mail server on gigadelic.

/usr/local/etc/mail/smtpd.conf 
  1. listen on 127.0.0.1

  2. listen on ::1

  3. 

  4. map "aliases" { source db "/usr/local/etc/mail/aliases.db" }

  5. map "secrets" { source db "/usr/local/etc/mail/secrets.db" }

  6. 

  7. 

  8. accept for local alias aliases deliver to mbox

  9. accept from local for domain "cooltrainer.org" relay via "gigadelic.cooltrainer.org" port 587 tls auth "secrets" as "@emi.aloe.cooltrainer.org"

  10. accept from local for domain "gmail.com" relay via "smtp.gmail.com" port 587 tls auth "secrets"

Copy Sendmail’s alias file to OpenSMTPd’s configuration directory then edit it, uncommenting the # root: me@my.domain alias and replacing me@my.domain with your own personal address.

  1. cp /etc/mail/aliases /usr/local/etc/mail/aliases

  2. vi /usr/local/etc/mail/aliases

Create /usr/local/etc/mail/secrets and define a username and password pair for each relay server.

/usr/local/etc/mail/secrets 
  1. gigadelic.cooltrainer.org nickles@cooltrainer.org:th1sisdefinitelymypassw0rd

  2. smtp.gmail.com yourname@gmail.com:pantsupantsupantsu

Create the secrets and alias databases, then enable smtpd.

  1. cd /usr/local/etc/mail/

  2. /usr/local/libexec/opensmtpd-portable/makemap secrets

  3. newaliases

  4. echo 'smtpd_enable="YES"' >> /etc/rc.conf

  5. service smtpd start

Now, send a test message to the local root user.

  1. echo "This is a test" | mail -s "Testin'" root

Your configuration is complete if the test message lands in your inbox. Your system will send out daily, weekly, and monthly status emails. Read on for some recommended additional settings.

ZFS status

Periodic can alert you to ZFS filesystem problems or failing zpools. Enable it in periodic.conf.

  1. echo 'daily_status_zfs_enable="YES"' >> /etc/periodic.conf

S.M.A.R.T. status

S.M.A.R.T. status can be included in periodic’s daily e-mail.

As root, execute grep -E 'ad(a)?[0-9]|(a)?cd[0-9]|da[0-9]' /var/run/dmesg.boot | grep device to list your attached detected devices. Here’s an example from emi:

  1. ada0: <OCZ-VERTEX3 2.15> ATA-8 SATA 3.x device

  2. ada1: <ST31500341AS CC1H> ATA-8 SATA 2.x device

  3. ada2: <ST31500341AS CC1H> ATA-8 SATA 2.x device

  4. ada3: <ST31500341AS SD1B> ATA-8 SATA 2.x device

  5. cd0: <ATAPI iHAS424   B GL1A> Removable CD-ROM SCSI-0 device

Add your desired devices to periodic.conf.

  1. echo 'daily_status_smart_devices="/dev/ada0 /dev/ada1 /dev/ada2 /dev/ada3"' >> /etc/periodic.conf

Portaudit

ports-mgmt/portaudit can warn you of installed outdated ports with security vulnerabilities. Install portaudit through the ports system, then enable it in periodic.conf.

  1. echo 'daily_status_security_portaudit_enable="YES"' >> /etc/periodic.conf

Sorting

I like the status messages for my machines to wind up in their own named folders in my IMAP inbox. If your mail server has sieve support you can use a sieve script like these to sort your mail.

emi.sieve 
  1. require ["imap4flags", "fileinto", "envelope"];

  2. if envelope :is "from" "root@emi.aloe.cooltrainer.org" {

  3.     fileinto "Emi";

  4. }
gigadelic.sieve 
  1. require ["imap4flags", "fileinto", "envelope"];

  2. if envelope :is "from" "root@gigadelic.cooltrainer.org" {

  3.     fileinto "Gigadelic";

  4. }

Troubleshooting

Mail not arriving? As root, tail the MTA log file and watch its output as you attempt to send a message.

  1. tail -n 50 -f /var/log/maillog