
Re: MTA for firewalls, etc. ?



On Mon, 12 Jan 1998, Adam P. Harris wrote:

> "Christian" == Christian Schwarz <schwarz@monet.m.isar.de> writes:
> > A lot of packages (e.g., cron) require a mail-transport-agent to be
> > installed. For security and other reasons, I'd like to have a very
> > simple MTA which will deliver all mails locally (i.e., directly to
> > /var/spool/mail) without any `.forwards' files, etc. The MTA should
> > not accept connections from outside and should never send any mails
> > to other hosts.
> 
> > One could probably tune sendmail/smail to do this, but I'd
> > appreciate having some _very_ simple MTA (since forgetting to turn
> > off a feature would result in a security leak). Does someone know a
> > program/package which does this job?
> 
> Huh.  I'm not sure if it meets your particular needs, but you should
> check out smap and smapd from the firewall toolkit (cf debian fwtk
> package).
> 
> I remember something about some other packages, bstmpd I think, but I
> don't remember where that's from and I can't seem to find any relevant
> URLs.
> 
> What you're asking for seems a little strange and will probably not be
> available out of the box.  How are users checking their mail if it's
> sitting in a spool dir on the firewall?

First of all, thanks a lot to all who tried to help. Unfortunately,
I haven't seen a satisfying solution. I guess I did not explain my
intentions well enough. Hope my explanation is better this time:

1. Some Debian packages require an MTA, i.e., they depend on
mail-transport-agent. However, we've not documented anywhere what this
exactly means. I've checked out a few packages now and it looks like a
`mail-transport-agent' is a package which provides /usr/lib/sendmail.
Is this correct? If so, we should state it in the Policy Manual.

2. On some hosts (i.e., software routers or firewalls) one does not want
to run large (and insecure) mailer daemons such as sendmail, etc. However,
since some important packages like "cron" depend on mail-transport-agent,
one has to satisfy this dependency somehow. (Overriding dpkg does not help
in the case of "cron", since cron sends possible error messages via mail,
and these messages should not be thrown away.)

3. My special case: I have to set up a Linux server in a "foreign" 
network, which means, it's the first Linux server in the network and I
need to be 110% sure that no mails are sent to some other host. (Note
that I had a bad experience with smail which, when configured wrongly,
sends mail to another server... :)

So, provided that #1 is correct (i.e., packages depending on
mail-transport-agent just call /usr/lib/sendmail), I'm looking for a
_very_ simple package which provides mail-transport-agent, and installs a
short /usr/lib/sendmail which does nothing except saving all mails in some
central mail box or in different files in /var/spool/mail. I don't need
SMTP for sending nor receiving mails, nor do I need .forward files,
aliases, etc.

Having written this, I think a solution would be to just write a little
shell script /usr/lib/sendmail, which contains
	cat >> /var/log/mails
to just add all text from stdin to a log file.


Any help is appreciated!


Thanks,

Chris

--                 Christian Schwarz
Do you know         schwarz@monet.m.isar.de, schwarz@schwarz-online.com,
Debian GNU/Linux?    schwarz@debian.org, schwarz@mathematik.tu-muenchen.de
      
Visit                  PGP-fp: 8F 61 EB 6D CF 23 CA D7  34 05 14 5C C8 DC 22 BA
http://www.debian.org   http://fatman.mathematik.tu-muenchen.de/~schwarz/
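
The /usr/lib/sendmail stand-in proposed in the message above, worked out as an added example (not code from the original post or from any Debian package). It assumes the /var/log/mails path from the message as the default spool; the `deliver_local` name, the `MAILER-DAEMON` separator sender and the lock directory are choices made for this sketch.

```shell
#!/bin/sh
# Local-only stand-in for /usr/lib/sendmail (constructed example).
# SPOOL defaults to the path named in the message; override it for testing.
SPOOL="${SPOOL:-/var/log/mails}"

deliver_local() {
    # Recipient arguments and sendmail flags (-t, -oi, -f ...) are ignored
    # on purpose: nothing here resolves a host name or opens a socket.
    umask 077                      # a newly created spool is owner-only
    lock="$SPOOL.lock"
    tries=0
    # mkdir is atomic, so it works as a simple lock between concurrent callers
    until mkdir "$lock" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -ge 10 ] && return 75   # EX_TEMPFAIL: caller may retry
        sleep 1
    done
    {
        # mbox-style separator so the messages can be split apart later
        printf 'From MAILER-DAEMON %s\n' "$(LC_ALL=C date '+%a %b %e %H:%M:%S %Y')"
        # Quote lines starting with "From " so they are not read as separators
        sed 's/^From />From /'
        printf '\n'
    } >> "$SPOOL"
    status=$?
    rmdir "$lock"
    return "$status"
}

# Deliver only when installed and invoked as "sendmail"; sourcing the file
# just defines the function.
case "${0##*/}" in
    sendmail) deliver_local "$@" ;;
esac
```

Compared with a bare `cat >>`, this keeps concurrent cron jobs from interleaving their output and keeps the spool unreadable to other local users.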

