However, I want to make sure that my server is not compromised as I've heard that having smtp/mail installed opens up new options for hackers
Any service can "open up new options for hackers" if it's poorly written. But for mail, both Postfix or Exim4 are very secure.
(In general, you'll be fine as long as you don't use a ten-year-old Sendmail. Current versions are secure, but I would recommend staying away from Sendmail anyway – the configuration file isn't exactly human-readable.)
Is there a tool that does not receive emails, but is only able to send them?
Any MTA (Postfix, Exim4, Sendmail) can work this way – just configure it to listen on loopback addresses only (::1
and 127.0.0.1
). You can even disable the SMTP compontent entirely – most Unix programs do not require it and send mail through /usr/sbin/sendmail
1, making SMTP unnecessary.
It's really not necessary against "hackers", though. The worst you can get with a decent MTA is leaving it open for relaying – and the default configurations already take care of that.
Another option is msmtp
, which doesn't even have full SMTP support – all it can do is relay mail through another mail server, such as Gmail's or your ISP's. But while it's useful for a personal computer, it doesn't really fit into a server environment.
1 "/usr/sbin/sendmail
" is a program that comes with all MTAs, while "Sendmail" is the name of a specific MTA.
May I suggest using a google.com email account to sent outgoing automated messages? That's how I have my servers set up, that way if anyone ever comprises my email for spam, I only lose a very replaceable email account and no blacklist. All you need to do is setup your favorite MTA to send through your google account. Also, OSSEC - google it. – skub – 2011-08-01T00:48:50.597
@skub: Sounds very promising, which MTA are you using with gmail? – Frank Vilea – 2011-08-01T00:59:46.373
You can do it with either Exim or Postfix, but I think Exim is easier to configure. Here are the instructions for Exim and Gmail: http://wiki.debian.org/GmailAndExim4
– skub – 2011-08-01T02:02:15.870@skub: Just for the record, Exim on Debian/Ubuntu has a very different configuration system (M4-based) than it does on other distributions. It's not always "easier". – user1686 – 2011-08-01T07:33:21.547
You're right, it could be harder to set up in other systems. It was just an assumption that the poster was using some flavor of *nix. The theory remains the same regardless of the system used. You could setup a smart host with authentication in any MTA - including exchange. – skub – 2011-08-01T12:25:44.907
@skub: My experience is that it's easier without the Debconf layer... – user1686 – 2011-08-01T14:25:06.800