# Checking root's mail remotely



## MMacD (Oct 26, 2016)

What's the approved way to get root's mail from some other machine on a secure (pfsense box) lan?   

My server-of-all-work runs 10.2, and I have it set up with postfix, dovecot, pam, and openssl.  Openssl seems to believe that the setup is good, but I can't get the mail client,  running under XP, to log in as root.  Someone, pam I suppose, complains in 
maillog that

```
Oct 26 09:03:01 server dovecot: pop3-login: Login: user=<root>, method=PLAIN, rip=192.168.0.11, lip=192.168.0.96, mpid=30973, TLS, session=<z5ayPsQ/MhDAqAAL>
Oct 26 09:03:01 server dovecot: pop3(root): Error: Invalid settings in userdb: userdb returned 0 as uid
Oct 26 09:03:01 server dovecot: pop3(root): Error: Invalid user settings. Refer to server log for more information.
```
which I suppose means that it doesn't like me logging in as root.


----------



## SirDice (Oct 26, 2016)

It's probably easier if you redirect root's mail using /etc/aliases to a regular user account. You can even forward it to an 'external' email address. Just stick something like this at the end of /etc/aliases:

```
root: me@example.com
```
Or to a 'local' user:

```
root: myuser
```

Don't forget to run newaliases(8) after you modified /etc/aliases.

Using the root account with POP3/IMAP is, in general, not a good idea, even if the connection is encrypted. And judging by the error messages it looks like it's been disabled.


----------



## MMacD (Oct 27, 2016)

Thanks, SirD.  I should have thought of that myself, since I've been autoforwarding from my isp account for years.

I stumbled across some trickiness, trying to organise the alias.  I decided that it should be one I can `su root` from, but discovered that not only does dovecot not like root logging in remotely, it won't even allow someone from wheel to do so.   Then, trying to change /etc/group, I discovered that the only account listed for wheel is root itself.  So there are now 2 other accounts that think they're in wheel, but that aren't in /etc/group. Does that seem normal to you?  I've never had occasion to dig around in the group file before, so maybe it's okay, but it seems like a bug given what the docs say.


----------



## MMacD (Oct 27, 2016)

I found, too, that aliasing is a bit fragile,  since it got confused when I did a test mail to root@server, apparently not realising that it's a local address despite the hostname


----------



## SirDice (Oct 27, 2016)

Don't add the @hostname, this will ensure the account is always treated as local.


----------

