Re: minimal mail config for firewall?
Marcin Owsiany wrote:
> On Thu, Jun 15, 2000 at 09:42:39AM -0400, Paul Reavis wrote:
> > What would y'all recommend as a minimal mail setup for a firewall
> > system. Quite a few things seem to depend on _some_ sort of MTA, but I
> > don't want SMTP (I'm redirecting SMTP to an internal mail server).
> You are probably looking for ssmtp
> Description: Extremely simple MTA to get mail off the system to a Mailhub
> A secure, effective and simple way of getting mail off a system to your
> mailhost. No suid-binaries or other dangerous things. No mail spool to poke
> around in. No daemons running in the background. Mail is simply forwarded
> to the configured mailhost. Extremely easy configuration.
> WARNING: the above is all it does. It does not receive mail, expand
> aliases or manage a queue. That belongs on a mailhub with a system
What about mail addressed to root? Is it simply forwarded to
root@mailhub? This sounds OK to me - I can hardcode the destination
mailhub and feel reasonably good about things, barring packet sniffers
on my internal network or a compromised mailhub.
> > On a related note, does anyone have any good schemes for getting logs
> > off a firewall reasonably securely, so they can show up in your email? I
> > hate having to constantly log in to check them, but feel that just
> > email/fetchmail out from the machine is chancy.
> Depends on your exact mail setup, I think. Maybe make a script that would
> download the logs to some other box using scp and mail them locally then to
> your account's mailbox.
Hmm... that sounds reasonable too.
Paul Reavis email@example.com
Partner Software, Inc. http://www.partnersoft.com