My ISP blocks port 25 and I want to send email after unattended-upgrades completes. I set things up so that I can successfully send mail with s-nail, but unattended-upgrades still isn't sending me email and I don't know why.
s-nail setup
First, the s-nail configuration.
Installing s-nail
I came across info for heirloom-mailx, but delving into it, the maintainers said, "ahh, you don't need that, just create a link from /usr/bin/mail to s-nail!" So that is what I did:
# first, uninstall any mailx programs you have
sudo apt remove bsd-mailx
sudo rm -f /usr/bin/mail # just in case something is still installed
# install s-nail and link it
sudo apt install s-nail
sudo ln -s /usr/bin/s-nail /usr/bin/mail
$HOME/.mailrc
v15-compat
from="CronUpdates <[email protected]>"
sendwait
sendcharsets=utf-8,iso-8859-1
mta=smtp://cron%40mydomain.com:<redacted>@smtppro.zoho.com:587 \
smtp-auth=login \
smtp-use-starttls
which is of course chmod 600 $HOME/.mailrc'd as it is supposed to be.
$HOME/send_test_email.sh
#!/bin/bash
EMAIL_SUBJECT="Cron Email"
TO_ADDRESS="[email protected]"
echo 'Hello world!' | s-nail -s "$EMAIL_SUBJECT" "$TO_ADDRESS"
which is of course chmod u+x $HOME/send_test_email.sh'd, allowing us to:
./send_test_email.sh
# success!
Woo-hoo, I get an email!
unattended-upgrades setup
Next, the unattended-upgrades configuration in /etc/apt/apt.conf.d/50unattended-upgrades. This represents an ubuntu configuration, but I have a raspberry pi configuration that is a little different, but has the same issue.
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
"${distro_id}ESMApps:${distro_codename}-app-security";
"${distro_id}ESM:${distro_codename}-infra-security";
"${distro_id}:${distro_codename}-updates";
};
Unattended-Upgrade::Package-Blacklist {
};
Unattended-Upgrade::DevRelease "auto";
Unattended-Upgrade::Mail "[email protected]";
Unattended-Upgrade::MailReport "always";
I can --dry-run unattended upgrades, if there's anything to upgrade, but I don't think that sends an email. Still, that's useful:
# do a dry-run to iron out any issues that you can with unattended-upgrades
sudo unattended-upgrades -v -d --dry-run
# doesn't send an email, but that's operating as designed :(
Then, if there's anything to upgrade (which makes everything very difficult to debug, especially since apt-cache madison only returns one result), I can drop --dry-run and it will allegedly attempt to send the email:
machine$ sudo unattended-upgrades -v -d
Running on the development release
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=impish, o=Ubuntu,a=impish-security, o=UbuntuESMApps,a=impish-apps-security, o=UbuntuESM,a=impish-infra-security, o=Ubuntu,a=impish-updates
Initial blacklist:
Initial whitelist (not strict):
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/download.docker.com_linux_ubuntu_dists_impish_stable_binary-amd64_Packages' a=impish,c=stable,v=,o=Docker,l=Docker CE arch='amd64' site='download.docker.com' IndexType='Debian Package Index' Size=28335 ID:44> with -32768 pin
... many lines later ...
Package docker-ce-rootless-extras has a higher version available, checking if it is from an allowed origin and is not pinned down.
Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2022-04-15 17:53:56
Sending mail to [email protected]
mail returned: 0
Oh no, I don't get any email!
The above configuration represents many hours of research, trial, and error attempting to get both email and unattended-upgrades to work; both of which work, but now must work together...
How can I make unattended-upgrades actually send its email given that I must use the .mailrc configuration defined above?
