CentOS - Jun 2020 - migrating from sendmail to postfix, centos 6 to centos 8

I have an email server/aggregator which delivers locally for root, and 
all other emails in my domain. It sends outbound email to my isp 
(networksolutins) masquerading as my domain via smtp. This is with sendmail.

It does not receive email from the internet via smtp. I use fetchmail to 
get incoming mail from multiple email/isp's. I use procmail for local 
delivery and serve emails using dovecot/imap. These all work fine.

I am getting new hardware for this machine, and plan to setup centos 8, 
which uses postfix, not sendmail. I've been trying to provision a vm 
with the proper configuration, but cannot get any emails delivered to root.

Is there a pointer to a configuration guide that will help me do what I 
want? I have googled about 100 setups, none of which are what I'm trying 
to achieve. They all suggest using an alias for root to a normal user, 
but them that user gets all of the cron, fail2ban, etc emails, instead 
of delivering them to root on the local machine.

Thanks,

-chuck


--

> 
> I am getting new hardware for this machine, and plan to setup centos 8, 
> which uses postfix, not sendmail.
sendmail is also available - postfix is just the default. 
>  I've been trying to provision a vm 
> with the proper configuration, but cannot get any emails delivered to root.
> 
> Is there a pointer to a configuration guide that will help me do what I 
> want? I have googled about 100 setups, none of which are what I'm
trying
> to achieve. They all suggest using an alias for root to a normal user, 
> but them that user gets all of the cron, fail2ban, etc emails, instead 
> of delivering them to root on the local machine.
> 
The fact that they are all saying to use an alias must surely be
telling you something!

The issue is that if root is receiving mail, then you must be reading
it as root and that is a really bad thing to be doing. If you don't
want the mail to go to a user, then setup another account purely to
receive the root mail that doesn't have elevated privs. 

BTW, other than the fact you shouldn't login as root, the reason for
this is that the mailbox that receives the mail is owned by the user
and the delivery process is run as that user - except for root, which
is run as a non-privileged user: the last thing you want is for some
random email to possibly be processed as root, especially as you say
you are using procmail.  There is a note in the main.cf file:

   # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
   # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.

P.

> 
> Fair enough, and I now understand the issues with root receiving and 
> handling emails. The problem with the alias is that ALL emails are being 
> sent out to my ISP, and on to the particular user.
Even for local users that are in /etc/passwd?
> 
> I would like to make this user receive emails locally only, obviously 
> not root (for all the very good reasons you pointed out), but some other 
> non-privileged user. I don't know how to get a user setup only for
local
> only delivery to the machine in question, not sent out of the local
network.
> 
So something in the postfix configuration is telling it to send mail
elsewhere. Have you changed the postfix config at all?  Because usually
it is happy to deliver local mail for local users.  The aliases file
should have something like 

  root: chuck

where 'chuck' is the local user; that will put the message in
/var/mail/chuck. There's a postfix config variable called
'local_recipient_maps' that determines what is a local recipient - but
the default uses, amongst other things, the standard unix passwd file.

P.

On Fri, 2020-06-05 at 07:32 -0500, Chuck Campbell wrote:
> On 6/4/2020 8:58 AM, Pete Biggs wrote:
> > > Fair enough, and I now understand the issues with root receiving
and
> > > handling emails. The problem with the alias is that ALL emails
are being
> > > sent out to my ISP, and on to the particular user.
> > Even for local users that are in /etc/passwd?
> Yes, I only have two local users, and email I send on the box ends up at 
> the outside ISP, then comes back via fetchmail, and procmail. I can read 
> it with IMAP from outside. I guess I'll live with this.
So even if you do something like 

   mail chuck

at the command line (with whatever user has a local account) it still
gets sent to the ISP?

> I'm sure it is the RelayHost or RelayDomains that forwards the email 
> outbound to my ISP.
relay_host is the host that mail is sent to if it can't be delivered
elsewhere.

relay_domains is a list of domains the host will relay mail to.
>  If I set up a local only account, those emails try 
> to go outbound as well, but are rejected as there is no registered user 
> of that name at my ISP.
In /etc/postfix/main.cf what is 'local_recipient_maps' set to? Also,
what about 'mydestination'

If you look in /var/log/maillog what does a message log for a local
user look like when sent using the mail command? 

P.