How to Configure yum-cron to Send Email Notifications

This post outlines steps to configure yum-cron services and send an email notification.

1. Install the yum-cron package:

# yum install yum-cron

2. Edit /etc/yum/yum-cron.conf configuration file to use an email notification:

# cat /etc/yum/yum-cron.conf
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix update-minimal
# minimal-security = yum --security update-minimal
# minimal-security-severity:Critical = --sec-severity=Critical update-minimal

update_cmd = default
# Whether a message should be emitted when updates are available,
# were downloaded or applied.

update_messages = yes
# Whether updates should be downloaded when they are available.

download_updates = yes
# Whether updates should be applied when they are available. Note
# that download_updates must also be yes for the update to be applied.

apply_updates = yes
# Maximum amout of time to randomly sleep, in minutes. The program
# will sleep for a random amount of time between 0 and random_sleep
# minutes before running. This is useful for e.g. staggering the
# times that multiple systems will access update servers. If
# random_sleep is 0 or negative, the program will run immediately.
# 6*60 = 360

random_sleep = 10
# Name to use for this system in messages that are emitted. If
# system_name is None, the hostname will be used.

system_name = [email protected]
# How to send messages. Valid options are stdio and email. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via is None or left blank, no messages will be sent.

emit_via = email
# The width, in characters, that messages that are emitted should be
# formatted to.

output_width = 80

# The address to send email messages from.
# NOTE: 'localhost' will be replaced with the value of system_name.
#email_from = root@localhost

email_from = [email protected]
# List of addresses to send messages to.

email_to = [email protected]
# Name of the host to connect to to send email messages.

email_host = localhost

# NOTE: This only works when group_command != objects, which is now the default
# List of groups to update
group_list = None

# The types of group packages to install
group_package_types = mandatory, default

# This section overrides yum.conf

# Use this to filter Yum core messages
# -4: critical
# -3: critical+errors
# -2: critical+errors+warnings (default)
debuglevel = -2

# skip_broken = True
mdpolicy = group:main

# Uncomment to auto-import new gpg keys (dangerous)
# assumeyes = True

3. Edit below option in the base section of /etc/yum/yum-cron.conf in order to exclude any rpm to be installed, example the kernel.


4. To use following option in yum-cron configuration file to install security updates.

# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix upgrade-minimal
# minimal-security = yum --security upgrade-minimal
# minimal-security-severity:Critical = --sec-severity=Critical upgrade-minimal
update_cmd = security

5. Start and Enable yum-cron:

# systemctl enable --now yum-cron

6. Make sure to configure and start postfix services as relay server in order to send the emails. For example:

# cat /etc/postfix/ | grep -v "^#"
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix

inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550

relayhost = []

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

7. Enable and start Postfix services:

# systemctl enable --now postfix

8. Make sure the postfix relay it is working as expected:

# echo "Testing Posfix Relay Services" | mailx -vvv -s "IGNORE: TEST MESSAGE " -S -r [user]

9. Example of an email notification:

 Forwarded Message --------
Subject: Yum: Updates Available on
Date: Thu, 21 May 2020 21:36:39 +0000 (GMT)
From: root@
To: [email protected]
The following updates are available on
Package Arch Version Repository Size
kernel x86_64 3.10.0-1127.8.2.el7 ol7_latest 50 M
kernel-uek x86_64 4.14.35-1902.302.2.el7uek ol7_UEKR5 52 M
python2-cffi x86_64 1.9.1-1.el7 ol7_developer 220 k
replacing python-cffi.x86_64 1.6.0-5.el7
python2-chardet noarch 3.0.4-3.el7 ol7_developer 185 k
replacing python-chardet.noarch 2.2.1-3.el7
python2-idna noarch 2.5-1.el7 ol7_developer 95 k
replacing python-idna.noarch 2.4-1.el7
python2-pyyaml x86_64 5.1.2-1.0.1.el7 ol7_developer 106 k
replacing PyYAML.x86_64 3.10-11.el7
python2-urllib3 noarch 1.22-2.el7 ol7_developer 174 k
replacing python-urllib3.noarch 1.10.2-7.el7
augeas-libs x86_64 1.4.0-9.el7_8.1 ol7_latest 355 k
bind-export-libs x86_64 32:9.11.4-16.P2.el7_8.3 ol7_latest 1.1 M
bind-libs x86_64 32:9.11.4-16.P2.el7_8.3 ol7_latest 155 k
bind-libs-lite x86_64 32:9.11.4-16.P2.el7_8.3 ol7_latest 1.1 M
bind-license noarch 32:9.11.4-16.P2.el7_8.3 ol7_latest 89 k
bind-utils x86_64 32:9.11.4-16.P2.el7_8.3 ol7_latest 258 k
binutils x86_64 2.27-43.base.0.1.el7_8.1 ol7_latest 5.9 M
bpftool x86_64 3.10.0-1127.8.2.el7 ol7_latest 8.4 M
device-mapper x86_64 7:1.02.164-7.0.1.el7_8.2 ol7_latest 295 k
device-mapper-event x86_64 7:1.02.164-7.0.1.el7_8.2 ol7_latest 191 k
x86_64 7:1.02.164-7.0.1.el7_8.2 ol7_latest 190 k
device-mapper-libs x86_64 7:1.02.164-7.0.1.el7_8.2 ol7_latest 324 k
dracut x86_64 033-568.0.3.el7 ol7_latest 330 k
x86_64 033-568.0.3.el7 ol7_latest 62 k
dracut-network x86_64 033-568.0.3.el7 ol7_latest 105 k
iproute x86_64 5.4.0-1.0.1.el7 ol7_UEKR5 619 k
iproute-tc x86_64 5.4.0-1.0.1.el7 ol7_UEKR5 406 k
x86_64 ol7_latest 428 k
x86_64 ol7_latest 94 k
kernel-tools x86_64 3.10.0-1127.8.2.el7 ol7_latest 8.0 M
kernel-tools-libs x86_64 3.10.0-1127.8.2.el7 ol7_latest 8.0 M
libgudev1 x86_64 219-73.0.1.el7_8.6 ol7_latest 107 k
libsss_idmap x86_64 1.16.4-37.0.1.el7_8.3 ol7_latest 155 k
libsss_nss_idmap x86_64 1.16.4-37.0.1.el7_8.3 ol7_latest 161 k
libzstd x86_64 1.4.4-1.el7 ol7_developer_EPEL 259 k
lvm2 x86_64 7:2.02.186-7.0.1.el7_8.2 ol7_latest 1.3 M
lvm2-libs x86_64 7:2.02.186-7.0.1.el7_8.2 ol7_latest 1.1 M
osms-agent x86_64 0.0.1-449.el7 ol7_oci_included 21 M
python-perf x86_64 3.10.0-1127.8.2.el7 ol7_latest 8.0 M
python-setuptools noarch 18.0.1-2.el7 ol7_developer 417 k
sos noarch 3.8-8.0.1.el7_8 ol7_latest 518 k
sssd-client x86_64 1.16.4-37.0.1.el7_8.3 ol7_latest 211 k
systemd x86_64 219-73.0.1.el7_8.6 ol7_latest 5.1 M
systemd-libs x86_64 219-73.0.1.el7_8.6 ol7_latest 417 k
systemd-python x86_64 219-73.0.1.el7_8.6 ol7_latest 143 k
systemd-sysv x86_64 219-73.0.1.el7_8.6 ol7_latest 94 k
tuned noarch 2.11.0-8.0.2.el7 ol7_latest 269 k
tuned-profiles-oci noarch 2.11.0-8.0.2.el7 ol7_optional_latest 33 k
noarch 2.11.0-8.0.2.el7 ol7_optional_latest 30 k
tzdata noarch 2020a-1.el7 ol7_latest 494 k
yum-utils noarch 1.1.31-54.0.1.el7_8 ol7_latest 122 k
Installing for dependencies:
python2-pyOpenSSL noarch 18.0.0-1.el7 ol7_developer 97 k
python2-pysocks noarch 1.6.8-6.el7 ol7_developer_EPEL 30 k
Transaction Summary
Install 7 Packages (+2 Dependent packages)
Upgrade 41 Packages