[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: minimal mail config for firewall?

Marcin Owsiany wrote:
> On Thu, Jun 15, 2000 at 09:42:39AM -0400, Paul Reavis wrote:
> > What would y'all recommend as a minimal mail setup for a firewall
> > system. Quite a few things seem to depend on _some_ sort of MTA, but I
> > don't want SMTP (I'm redirecting SMTP to an internal mail server).
> You are probably looking for ssmtp
> Description: Extremely simple MTA to get mail off the system to a Mailhub
>  A secure, effective and simple way of getting mail off a system to your
>  mailhost. No suid-binaries or other dangerous things. No mail spool to poke
>  around in. No daemons running in the background. Mail is simply forwarded
>  to the configured mailhost. Extremely easy configuration.
>  .
>  WARNING: the above is all it does. It does not receive mail, expand
>  aliases or manage a queue.  That belongs on a mailhub with a system
>  administrator.

What about mail addressed to root? Is it simply forwarded to
root@mailhub? This sounds OK to me - I can hardcode the destination
mailhub and feel reasonably good about things, barring packet sniffers
on my internal network or a compromised mailhub.

> > On a related note, does anyone have any good schemes for getting logs
> > off a firewall reasonably securely, so they can show up in your email? I
> > hate having to constantly log in to check them, but feel that just
> > email/fetchmail out from the machine is chancy.
> Depends on your exact mail setup, I think. Maybe make a script that would
> download the logs to some other box using scp and mail them locally then to
> your account's mailbox.

Hmm... that sounds reasonable too.


Paul Reavis                                      preavis@partnersoft.com
Design Lead
Partner Software, Inc.                        http://www.partnersoft.com

Reply to: