Unattended Security Updates on Ubuntu 20.04

Here’s an easy way to set up unattended upgrades for a single Ubuntu 20.04 server. It relies on a couple of things:

  • A working SMTP relay (Gmail, Sendinblue, etc).
  • An understanding that I have no idea how to script, and if I did, this would be better.

Copy/paste the following into your command line as root, otherwise prepend each command with “sudo”:

#apt update && apt upgrade && apt install unattended-upgrades && systemctl status unattended-upgrades && apt install update-notifier-common && rm -rf /etc/apt/apt.conf.d/50unattended-upgrades && nano /etc/apt/apt.conf.d/50unattended-upgrades

Here we’re doing a few things. First, we’re making sure our package manager is up to date. Second, we’re installing the unattended-upgrades package as well as update-notifier-common. We’re deleting the default config file they installed with the package, then making our own. Once nano opens up, copy and paste the following:

Unattended-Upgrade::Allowed-Origins {

Unattended-Upgrade::Package-Blacklist {


Unattended-Upgrade::DevRelease "auto";
Unattended-Upgrade::Mail "<your email here>";
Unattended-Upgrade::MailReport "always";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
Unattended-Upgrade::Automatic-Reboot-Time "<time you want it to run in 24hr>";

Replace the bold items with your preferences.

Next, paste the following:

#apt install libsasl2-modules && nano /etc/postfix/sasl_passwd

Here is where your SMTP relay information goes. As a fake example, format it like the following:

smtp-relay.sendinblue.com fakeemail@nowhere.com:fakepassword

Let’s paste some more stuff to set up the postfix server for sending out our messages:

#postmap hash:/etc/postfix/sasl_passwd && chmod 600 /etc/postfix/sasl_passwd && rm -rf /etc/postfix/main.cf && nano /etc/postfix/main.cf

Here’s the pasted config for /etc/postfix/main.cf:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

append_dot_mydomain = no

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks =
inet_interfaces = loopback-only
recipient_delimiter = +

compatibility_level = 2

relayhost = smtp-relay.sendinblue.com:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_tls_session_cache_timeout = 3600s

Again, replace the bold with your SMTP relay of choice. Last paste for installing mailutils and sending a test message:

postfix reload && apt install mailutils && echo "test message" | mail -s "test subject" fakeemail@nowhere.com