Preface:
Server admin n00b here. I'm setting up a web server for our site (Ubuntu 8.04 LTS 64-bit). The web server is not used for processing inbound mail or outbound mail sent by actual mail users for the domain; all of that is handled separately (by a hosting service; I have neither the time nor the expertise to keep a mail system running properly).
So, three-part question:
Is there any need for sendmail, postfix, qmail, exim, etc. on the web server? E.g., for logwatch or other processes to send their notifications? This is a hosted dedicated server and came with mail pre-configured, but naturally if I don't need it, I want to reduce the attack surface -- it's a publicly-facing server, after all.
If I don't need any of those installed, presumably I have to tell the server somewhere what SMTP server to use when sending mail? Or would that be per each package doing so (apticron, logwatch, etc.).
Again assuming I don't need mail services, what are the most popular config files in which I'd want to change the email address from "root" to something more appropriate to ensure that we do receive notifications? E.g.:
/etc/apticron/apticron.conf,/etc/logwatch/conf/logwatch.conf, ...
Links very welcome indeed.
Thanks in advance!
You need the mail server so that your local processes (like logwatch) can send mail. However, you can configure the mail server to only listen on 127.0.0.1 not on all networks, and that means that outsiders can't use it. That will reduce your "attack surface" (good term, by the way, I've never heard it before).
The usual answer for part 3 of your question is to put in an alias in /etc/aliases or where-ever your chosen mail server keeps its alias file. By default, those files usually alias a whole bunch of things (like "webmaster" and "bin") to root, and then at the end of all those, you put in another alias that aliases root to you.
You need some kind of MTA on your box, because most services don't know how to talk to a remote SMTP server and rely on
sendmail(1).On the other hand, you don't need a full fledged MTA like sendmail or postfix. You can use for example nullmailer or ssmtp (available as packages on Ubuntu) which doesn't implement the SMTP-listening part.
This minimal MTA in turn should be configured to relay your email via your ISP's mail gateway.
i've setup few vps without any mailserver with no problem at all. i even do apt-get purge postfix sendmail exim4-base nullmailer just to make sure nothing installed. and check nothing is listening on port 25.
apache, mysql, all others works with no problem.
except for one thing for sure, you cant send email. thus phpmail will not work.
I personally don't know how to config various Linux services to send out e-mail messages, but you're right: you don't need a local mail server if you're not processing e-mails with that machine.
Even if your services used the local mail server to send out their own messages, that would be a very bad setup, because it wouldn't be a publicly recognized mail server on the Internet, so most "real" mail servers would reject messages coming from it because of anti-spam filtering.
I strongly encourage you to configure your services to send out their e-mails using your ISP's mail server and disable the local one on your server.
You still need something than can send mail from your box. If you don't want to "full" MTA, you might try ssmtp. This is "fake" MTA, that emulates sendmail and can be configured to send all mail via remote smtp server.