On Mon, Apr 08, 2019 at 02:39:35PM +0100, Joe wrote:
> On Mon, 8 Apr 2019 21:33:03 +0900
> Mark Fletcher <mark2...@gmail.com> wrote:
>
> >
> > My image of an ideal solution is a piece of software that can present
> > email to a remote MTA (ie an MTA not on the local machine) for
> > delivery, but is not itself an MTA, and certainly has no capability
> > to listen for incoming mail.
> >
>
> a) Sendmail. Not the full-featured MTA, but the utility.
> https://clients.javapipe.com/knowledgebase/132/How-to-Test-Sendmail-From-Command-Line-on-Linux.html
>

Oh ah. Right, I hadn't separated the two in my mind. This may also do the job well I'm guessing.

> b) Write it yourself. If you can do simple scripting then you can write
> something that talks basic SMTP to a remote SMTP server.
>
> Here's basic unencrypted SMTP:
> https://my.esecuredata.com/index.php?/knowledgebase/article/112/test-your-smtp-mail-server-via-telnet
>

<snip>

Yes, I had considered that too, and was going to script something up over a telnet session (inside my home LAN, albeit through a VPN to be able to tunnel back through a NAT'ing router) if this thread didn't turn up anything useful. But it did. :) Also, I'm an engineer by training and follow the principle of re-use -- if there's a tool out there that does what I want I'd rather use it than write a new one. I admit I sometimes stray from that in the name of learning, but on this occasion I just want to solve a problem and move on.

>
> c) Use a standard MTA and tell it not to listen to anything from
> outside your network. Use your firewall to not accept SMTP on the WAN
> port, and unless you have previously received email directly then the
> SMTP port shouldn't be open anyway.
>
> Use the MTA's configuration to listen only to localhost. Restart it and
> check where it's listening with netstat -tpan as root.
>
> That way you have two mechanisms to prevent access, even if you
> misconfigure one of them you should still be OK. After you have the MTA
> running and sending email where you want it to go, use ShieldsUp!! on
> https://grc.com to check which ports are open to the outside. Select
> 'All Service Ports' to check TCP/1-1055.
>

Yes, agreed, this should also work.

One thing I didn't mention in my original post is that I have to build all software for the "client" machine from scratch, and I'd expect a full-strength MTA to be a large project to build from source (many and potentially complex dependencies and so on), while a simple tool is likely to have a smaller and less complex dependency tree. Also because security is important on this box, every package I add needs careful consideration to make sure it doesn't compromise that -- again nudging me towards the smaller, simpler tool with fewer dependencies.

Thanks for your suggestions.

Mark
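
The check described in option (c), confirming with `netstat -tpan` that the MTA listens only on localhost, can be scripted so it is repeatable after every configuration change. This is an added example, not part of the original message; the function name `exposed_listeners` and both sample `netstat` outputs are constructed for illustration.

```shell
#!/bin/sh
# Reads `netstat -tpan` output on stdin and prints every LISTEN socket on the
# given TCP port that is not bound to loopback. Exit status: 0 = loopback only
# (or not listening at all), 1 = at least one non-loopback listener.
# Real use, as root:  netstat -tpan | exposed_listeners 25
exposed_listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = match(addr, /:[0-9]+$/)      # last colon separates host and port
            if (n == 0) next
            host = substr(addr, 1, n - 1)
            if (substr(addr, n + 1) != port) next
            # 127.0.0.0/8 and ::1 are loopback; anything else is reported,
            # including the wildcards 0.0.0.0 and :: (fail-safe default).
            if (host ~ /^127\./ || host == "::1") next
            print addr
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: MTA bound to loopback only, sshd on all interfaces.
SAMPLE_OK='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address   State       PID/Program name
tcp        0      0 127.0.0.1:25      0.0.0.0:*         LISTEN      812/master
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN      640/sshd
tcp6       0      0 ::1:25            :::*              LISTEN      812/master'

# Constructed sample: MTA on the wildcard addresses, plus an outbound SMTP
# connection that must not be mistaken for a listener.
SAMPLE_BAD='Proto Recv-Q Send-Q Local Address     Foreign Address   State       PID/Program name
tcp        0      0 0.0.0.0:25        0.0.0.0:*         LISTEN      812/master
tcp        0      0 192.168.1.10:44321 203.0.113.5:25   ESTABLISHED 901/smtp
tcp6       0      0 :::25             :::*              LISTEN      812/master'

for s in "$SAMPLE_OK" "$SAMPLE_BAD"; do
    if out=$(printf '%s\n' "$s" | exposed_listeners 25); then
        echo "port 25: loopback only"
    else
        echo "port 25 reachable on:" $out
    fi
done
```

This only covers the first of the two mechanisms in (c); the firewall rule and the external port scan remain separate checks.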