Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save dwilkie/41ae0c7acc48186e6058 to your computer and use it in GitHub Desktop.
Save dwilkie/41ae0c7acc48186e6058 to your computer and use it in GitHub Desktop.
Setup unattended upgrades on Ubuntu with Gmail

Install the unattended-upgrades package

$ sudo apt-get install unattended-upgrades 

Edit the periodic configuration

$ sudo nano /etc/apt/apt.conf.d/10periodic

Set the following:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";

Where the number is the frequency (in days)

Edit the unattended upgrades configuration

$ sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Configure the default packages you want to automatically upgrade:

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
        "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};

Optionally configure additional packages you want to upgrade

In order to automatically upgrade custom packages do the following:

  1. Look in /var/lib/apt/lists/ to find the custom package that you want to update. It should end with Release e.g. /var/lib/apt/lists/files.freeswitch.org_repo_deb_debian_dists_wheezy_InRelease
  2. Open up the file $ nano /var/lib/apt/lists/files.freeswitch.org_repo_deb_debian_dists_wheezy_InRelease
  3. Look for the Origin and Suite entries. e.g. Origin: freeswitch Suite: stable and note these values.
  4. Edit the unattended upgrades configuration again. $ sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
  5. Add an entry for the origin and suite in the configuration

E.g.

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
        "${distro_id}:${distro_codename}-updates";
        "freeswitch:stable";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};

Setup automatic reboot (optional)

This will reboot the server if required automatically.

Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "19:00"; // Optional

Setup Mail

Unattended-Upgrade::Mail "[email protected]";

Send notifications via Gmail

Install mailx

$ heirloom-mailx

Set mail defaults

$ sudo su
$ cd ~
$ nano .mailrc

Add the following to .mailrc in root's home directory.

set smtp-use-starttls
set ssl-verify=ignore
set smtp=smtp://smtp.gmail.com:587
set smtp-auth=login
set [email protected]
set smtp-auth-password=secret
set from="[email protected]

Change the permissions of .mailrc

chmod 400 .mailrc

Test it out

$ sudo unattended-upgrade -v -d --dry-run

Trigger it now

$ sudo unattended-upgrade -v -d
@SamuilDichev
Copy link

I managed to set up the upgrades, but it still won't send email even though I've configured it the same way.
I can email via the terminal using mailx -v -s "subject" [email protected], but unattended-upgrades keeps failing to email me.

/etc/apt/apt.conf.d/50unattended-upgrades has the Unattended-Upgrade::Mail uncommented and set to my email. However, in /var/spool/mail it says this (The CENSORED is a placeholder for my email and server name etc.):

----- Transcript of session follows -----
... while talking to aspmx.l.google.com.:
>>> DATA
<<< 550-5.7.1 [<CENSORED>] Our system has detected that this message does
<<< 550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and
<<< 550-5.7.1 authentication. Please review
<<< 550-5.7.1  https://support.google.com/mail/?p=ipv6_authentication_error for more
<<< 550 5.7.1 information. c125si9979221wmd.11 - gsmtp
554 5.0.0 Service unavailable

--tB969CY2007824.1449641352/pla39
Content-Type: message/delivery-status

Reporting-MTA: dns; <CENSORED>
Received-From-MTA: DNS; localhost.localdomain
Arrival-Date: Wed, 9 Dec 2015 07:09:11 +0100

Final-Recipient: RFC822; <CENSORED>@gmail.com
Action: failed
Status: 5.7.1
Remote-MTA: DNS; aspmx.l.google.com
Diagnostic-Code: SMTP; 550-5.7.1 [<CENSORED>] Our system has detected that this message does
Last-Attempt-Date: Wed, 9 Dec 2015 07:09:12 +0100

--tB969CY2007824.1449641352/pla39
Content-Type: text/rfc822-headers

Return-Path: <root@<CENSORED>>
Received: from <CENSORED> (localhost.localdomain [127.0.0.1])
        by <CENSORED> (8.14.4/8.14.4/Debian-8) with ESMTP id tB969BY2007822
        for <<CENSORED>@gmail.com>; Wed, 9 Dec 2015 07:09:11 +0100
Received: (from root@localhost)
        by <CENSORED> (8.14.4/8.14.4/Submit) id tB969AGA007820;
        Wed, 9 Dec 2015 07:09:10 +0100
Date: Wed, 9 Dec 2015 07:09:10 +0100
From: root <root@<CENSORED>>
Message-Id: <201512090609.tB969AGA007820@<CENSORED>>
Subject: [reboot required] unattended-upgrades result for '<CENSORED>': True
To: <CENSORED>@gmail.com
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

--tB969CY2007824.1449641352/pla39--

This doesn't make sense, since
mailx -v -s "subject" [email protected] works fine
The .mailrc is in the root's home folder, owner by root and with the correct permissions (400)

Any clue why it won't work?

@roydq
Copy link

roydq commented Dec 9, 2015

It sounds like your server is connecting to gmail's SMTP server via IPv6, but it is a missing a reverse DNS entry for that IP. You'll need to get a reverse DNS record created by your host. Found here: http://serverfault.com/questions/538050/gmail-does-not-accept-mail-from-a-new-server

@hostile123
Copy link

how do u install mailx?

root@thaiprochat:~# apt install mailx
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package mailx is a virtual package provided by:
s-nail 14.8.6-1
mailutils 1:2.99.99-1ubuntu2
bsd-mailx 8.1.2-0.20160123cvs-2
You should explicitly select one to install.

E: Package 'mailx' has no installation candidate

@jarnos
Copy link

jarnos commented Jun 2, 2017

You do not need to install mailx to be able to send notifications via Gmail. See here.

@cmanzur
Copy link

cmanzur commented Apr 23, 2018

It works perfect in Ubuntu 14.04 but it doesn't work in Ubuntu 16.04 or 18.04... I think it is something relative to systemd + environments.
The final solution that works for me was install sendmail.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment