Web lists-archives.com

Simple Linux to Linux(Debian) email




Hello all

As I wrote this I began to consider this is slightly OT for this list; 
my apologies for not putting OT in the subject line but mutt won't let 
me go back and edit the subject line.

Short version: Is it reasonable to expect a piece of software to exist 
that establishes a direct connection to a "remote" MTA and delivers mail 
there for delivery, without also offering up mail reception 
capabilities? If it is, what would that software be? Or alternatively, 
is there a failsafe way to configure one of the MTAs (I have no strong 
allegiance to any MTA, although the only one I have experience with is 
exim4) such that even if I miss a configuration step it won't be 
contactable from outside? To be clear, I only wish to be able to send 
mail in one direction in this scenario...

The more detailed background:

My ISP has recently developed the unfortunate habit of changing my IP 
address moderately frequently. They're allowed -- I'm cheap so I haven't 
paid for a fixed IP. I'm shortly going to be moving so now really isn't 
a good time to reconsider that position.

They still aren't changing it crazily frequently, but I now run an 
OpenVPN server at home and it is a bit inconvenient when they change my 
home IP and I don't notice before going on a business trip or something.

I'd like to set up an alert that lets me know when my external IP 
address has changed.

The box that is in a position to notice that the IP address has changed 
is on the outer edge of my network connected directly to the internet. 
It runs LFS.

Deeper inside my network, accessible from the LFS box via the VPN, is a 
Debian Stretch machine where I do most of my work.

I've created a very simple script that is capable of parsing the output 
of "ip addr" and comparing the returned ip address for the relevant 
interface to a stored ip address, and thus being able to tell if the IP 
address has changed. What I'd like to do now is make a means for the LFS 
box to be able to notify me of the fact that the external-facing IP 
address has changed. 

My Debian machine runs exim4 and has a reasonably basic setup that 
allows it to accept mails from other machines on the network (although I 
may need to fiddle around with getting mail to come through the VPN) and 
deliver it either locally or using a friendly mail provider as a 
smarthost. I've successfully sent and received mail between this machine 
and a Buster machine on the same network, those two machines can see 
each other without the VPN. The Buster machine was also running exim4.

The LFS machine is, by design, very sparsely configured with only 
software I truly needed installed. I am willing to add software but wish 
to minimise the risk of installing something that opens up 
external-facing vulnerabilities as much as possible. What I'd really 
like is a piece of software that can reach out to my Stretch machine 
through the VPN to present an email for delivery without offering a 
local MTA that, improperly configured, might end up listening to the 
outside world and thus present a security risk.

I've looked at sendmail, postfix and of course exim4, and these are MTAs 
which could certainly do the job but which also present the risk of 
listening to the internet, especially if I do something stupid in the 
configuration which is entirely feasible. And from some basic tests I 
did on my Stretch machine I think the mail command expects there to be a 
local MTA for it to talk to...

My image of an ideal solution is a piece of software that can present 
email to a remote MTA (ie an MTA not on the local machine) for delivery, 
but is not itself an MTA, and certainly has no capability to listen for 
incoming mail.

Thanks in advance

Mark