This is the first article in a series on best practices in GNU/Linux systems administration.
Every GNU/Linux system comes with an integrated alert system which is based on mail messages. Cron collects the output of the scripts it runs and sends it via mail to local root. sudo sends out a mail after unauthorized attempts to execute commands. Many other tools rely on the availability of a local mail delivery system.
The key to transforming this minimal service into a centralized alert service is to let all the local messages reach a single mail account. This can be accomplished by installing Postfix on every host with the following configuration:
    myhostname = host.example.com
    mydestination =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    local_recipient_maps =
    local_transport = error:local delivery is disabled
    canonical_maps = hash:/etc/postfix/canonical
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = loopback-only
As you can see, local delivery is disabled, so all messages are delivered to external servers. Messages generated by or directed to local users will have an address of the form firstname.lastname@example.org. This is where canonical_maps comes into play:
    # /etc/postfix/canonical
    @host.example.com email@example.com
Note: remember to run postmap /etc/postfix/canonical after each change to the file.
All local addresses will be rewritten to firstname.lastname@example.org, which will be a single, constantly monitored e-mail account.
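To confirm that a host's main.cf still carries the settings above, the following added example (not part of the original article) parses the file and reports every parameter that deviates. The function names maincf_get, expect_param and check_null_client and the sample file are constructed for illustration; the script reads the file directly, so it runs without Postfix installed.

```shell
# Added example, not the article's code: audit a main.cf for the settings shown above.

# Print the effective value of parameter $2 in file $1, or "<unset>".
# Skips comments, joins continuation lines, lets the last assignment win.
maincf_get() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        /^[ \t]/ { if (cur == want) { sub(/^[ \t]+/, ""); val = val " " $0 }; next }
        {
            eq = index($0, "="); if (!eq) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) { val = substr($0, eq + 1); found = 1 }
        }
        END { gsub(/^[ \t]+|[ \t]+$/, "", val); print (found ? val : "<unset>") }
    ' "$1"
}

# expect_param FILE NAME GLOB: succeed if the effective value matches GLOB.
# An unset parameter never matches, since the Postfix defaults differ from these values.
expect_param() {
    got=$(maincf_get "$1" "$2")
    case "x$got" in
        x$3) return 0 ;;
    esac
    printf 'FAIL %s: %s = %s\n' "$1" "$2" "$got" >&2
    return 1
}

# Return 0 only if FILE disables local delivery and listens on loopback only.
check_null_client() {
    rc=0
    expect_param "$1" inet_interfaces 'loopback-only' || rc=1
    expect_param "$1" mydestination ''                || rc=1
    expect_param "$1" local_recipient_maps ''         || rc=1
    expect_param "$1" local_transport 'error:*'       || rc=1
    expect_param "$1" canonical_maps 'hash:*'         || rc=1
    return "$rc"
}

# Constructed sample: the article's settings, then a stray later override.
sample=$(mktemp)
printf '%s\n' 'mydestination =' 'local_recipient_maps =' \
    'local_transport = error:local delivery is disabled' \
    'canonical_maps = hash:/etc/postfix/canonical' \
    'inet_interfaces = loopback-only' 'inet_interfaces = all' > "$sample"
check_null_client "$sample" || echo "main.cf drifted from the null-client settings"
rm -f "$sample"
```

On a live host, `postconf -h inet_interfaces` reports the same effective value that maincf_get computes from the file.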
If giving every local user a ready-to-use mail delivery service is a concern, you can follow this suggestion from the Postfix author to limit delivery to a single domain:
/etc/postfix/main.cf:
    transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport:
    example.com :
    * error:we do not deliver this domain
Comments are welcome at email@example.com.