Tips for fresh Debian server

Setup postfix as Satellite System

If you have a mail server, do this step. Otherwise, choose “Internet Site”.

Please use a encrypted VPN for this (see wireguard page), as by default Satellite hosts don’t use encrypted connection.

Make sure your current server is part of mynetworks / “Local networks” in the upstream mail server.

Run:

# dpkg-reconfigure postfix

Select “Satellite system”

Postfix configuration: Select mail server configuration type

Insert your mailname, usually your hostname (such as web1.example.com)

Postfix configuration: Select mail name

Insert your relay address, like 10.125.55.2:25.

Postfix configuration: Specify relay address

Test:

mail -s "Hello world!" "user@example.com" <<< "Hello world!"

Replace user@example.com with a email hosted somewhere else than your mail server.

Forward mail elsewhere

Requires a MTA such as Postfix)

By default, Debian sends your email (security notifications, delivery errors, etc.) to /var/mail/$USER (can be read using a MUA such as mutt (deb)). If you are not reading your mail locally, you can forward it to your normal mailbox.

echo "user@example.com" > ~/.forward

Make sure your machine’s hostname/mailname is not example.com.

Forward root@hostname to actualadmin@hostname

If you used Debian-Installer instead of cloud-init, this should be set automatically to the user you selected to use as non-root administrative user.

Testing

mail -s "hello" "root@$(hostname -f)" <<< "Hello world"

If this ends to your actual admin’s mailbox instead of root’s mailbox, congratulations!

How-to

# dpkg-reconfigure postfix

dpkg-reconfigure postfix in action

After running it, /etc/aliases should look something like this (notice the root: actualadmin line):

# /etc/aliases
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: actualadmin

Replace actualadmin with the administrative user you set.

Or do the following:

echo "root: actualadmin" | sudo tee -a /etc/aliases

Replace actualadmin with the administrative user you use.

After that reload `/etc/aliases by running:

# postalias /etc/aliases
# systemctl reload postfix

Enable unattended-upgrades

# apt install unattended-upgrades apt-listchanges bsd-mailx
# dpkg-reconfigure unattended-upgrades

Email notifications

In /etc/apt/apt.conf.d/50unattended-upgrades, uncomment Unattended-Upgrade::Mail "root";

To get email notifications to other mailbox/your user’s mailbox, see Forward mail elsewhere.

Read more on Debian wiki