When configuring a Linux server (especially for security monitoring), properly forwarding root's email to an external address is crucial. Many administrators struggle with Sendmail configurations where emails either don't forward or get sent to unexpected addresses (like root@yourdomain.net instead of your Gmail).
The traditional method of creating a .forward file in root's home directory should work, but often fails due to:
# Common issues:
1. File permissions (should be 644)
2. Wrong file location (/root/.forward vs /etc/mail/.forward)
3. Sendmail aliases overriding .forward
4. SELinux/AppArmor restrictions
First, verify your current mail setup:
# Test basic mail functionality:
echo "Test message" | mail -s "Test" your@gmail.com
Then implement the forwarding properly:
# Step 1: Create the .forward file
sudo sh -c 'echo "your.email@gmail.com" > /root/.forward'
# Step 2: Set correct permissions
sudo chmod 644 /root/.forward
# Step 3: Verify Sendmail's access
sudo grep ForwardPath /etc/mail/sendmail.cf
# Should include /root/.forward in the path
If the basic method doesn't work, try these approaches:
Method 1: Using /etc/aliases
# Edit the aliases file
sudo nano /etc/aliases
# Add this line:
root: your.email@gmail.com
# Then rebuild alias database
sudo newaliases
Method 2: Direct Sendmail Configuration
# Edit sendmail.mc
sudo nano /etc/mail/sendmail.mc
# Add this line (before MAILER_DEFINITIONS):
FEATURE(virtusertable', hash -o /etc/mail/virtusertable.db')dnl
# Create virtusertable
sudo nano /etc/mail/virtusertable
# Add:
root@yourdomain.com your.email@gmail.com
# Rebuild config
sudo makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable
sudo service sendmail restart
If emails still aren't forwarding correctly:
# Check mail logs:
sudo tail -f /var/log/mail.log
# Test delivery path:
sudo sendmail -bv root
# Verify file accessibility:
sudo -u smmsp test -r /root/.forward && echo "Accessible" || echo "Blocked"
When forwarding sensitive system emails:
- Consider using an encrypted connection (configure Sendmail with TLS)
- Don't forward to unauthorized accounts
- Regularly check that forwarding still works
- Consider using dedicated monitoring tools instead of email forwarding for critical alerts
When managing a Linux server, system-generated emails sent to the root user often contain critical security alerts and system notifications. Forwarding these emails to an external address (like Gmail) ensures you don't miss important updates. However, simply adding an address to /root/.forward may not work as expected, especially with Sendmail configurations.
In your case, Sendmail appears to process the email but sends it to root@batcave.net instead of the intended external address. This happens because:
- Sendmail's default configuration may override or ignore
.forwardfiles for system accounts likeroot. - ISP relay settings might rewrite the "From" or "To" addresses.
Here’s how to force Sendmail to respect the .forward file for root:
# Step 1: Edit /etc/mail/trusted-users
echo "root" | sudo tee -a /etc/mail/trusted-users
# Step 2: Create or modify /root/.forward
echo "your.email@gmail.com" | sudo tee /root/.forward
# Step 3: Rebuild Sendmail's alias database
sudo newaliases
# Step 4: Restart Sendmail
sudo service sendmail restart
If .forward still doesn’t work, edit /etc/aliases:
# Add this line to /etc/aliases
root: your.email@gmail.com
# Then rebuild the alias database
sudo newaliases
Check Sendmail’s logs for errors:
tail -f /var/log/mail.log
If you see "stat=Deferred" or similar errors, test Sendmail’s delivery manually:
echo "Test email" | mail -s "Test Subject" your.email@gmail.com
Some ISPs block or modify emails from residential IPs. To bypass this:
- Configure Sendmail to use your Gmail SMTP server:
# Edit /etc/mail/sendmail.mc
define(SMART_HOST', smtp.gmail.com')dnl
define(RELAY_MAILER_ARGS', TCP $h 587')dnl
define(ESMTP_MAILER_ARGS', TCP $h 587')dnl
# Rebuild Sendmail config
sudo make -C /etc/mail
sudo service sendmail restart
Trigger a test email to root and verify forwarding:
echo "Test root forwarding" | mail -s "Root Forward Test" root
Check your Gmail inbox (and spam folder) for the forwarded message.