
Re: mail server doing local delivery only for extra security

"Bryan K. Walton" wrote:
> This may seem an odd question but here goes:
> I am setting up a firewall for my home network running Debian 2.2.  From
> what I can tell, I have to have a mail server installed for the "at" program to
> work.  I currently have exim installed and configured to do local delivery
> only (the only thing I need it to do is to deliver messages for root to
> another userid on the same box).
>         Now, this got me thinking.  While I have exim configured for local
> deliveries only, and my firewall rules will be set up to ensure that the
> mailserver is not accessed from the outside, it seems like the ideal option
> is to have a mailserver setup that ONLY does local delivery (incapable of
> doing deliveries off the box, regardless of the configuration).  Maybe I
> am paranoid, but this seems even safer.  Does anyone know if there is such a
> program?

I generally don't install an MTA on a firewall. I just have syslog set
to log to a remote machine (on the LAN) and do log processing and send
alert e-mails from that machine.

>         Also, how important is having the "at" program?  I don't know if I
> need it.  Maybe I should just remove the at program and then the mailserver
> software altogether.

"at" is used to schedule jobs to run at a certain time. Like cron, but
once the job completes, it's deleted. I wouldn't consider it necessary
for your firewall machine's operation. If you need to schedule something
to run, you should be able to use cron to do it. The reason "at"
requires an MTA is so that job status reports can be mailed to the user
who set the job up.

Bryan Voss
    PGP Key: http://www.vosswerx.com/bvoss/pgpkey.txt
