On Mon, Apr 08, 2019 at 02:14:33PM +0100, Thomas Pircher wrote:
> Mark Fletcher wrote:
> > mutt won't let me go back and edit the subject line.
>
> Hi Mark,
>
> > Short version: Is it reasonable to expect a piece of software to exist
> > that establishes a direct connection to a "remote" MTA and delivers mail
> > there for delivery, without also offering up mail reception
> > capabilities?
>
> Yes, have a look at the dma or nullmailer packages. There used to be
> more of these programs in Debian (ssmtp, for example), but on my system
> (Buster) only those two seem to have survived.
>
> You could also use one of the big MTAs and configure them to listen to
> local connections only, and/or block the SMTP ports with a firewall, but
> both dma and nullmailer do their job just fine. Besides, they are much
> simpler to configure.
>
So this issue is now resolved; in the end I went with the sSMTP package, which pretty much seems precisely designed for situations like mine. I'm slightly alarmed by its orphan status in Debian, preventing it from getting into testing -- if I had more time on my hands I'd sign up to maintain it. But it was extremely simple to build and worked perfectly on my LFS machine once built.

The only thing I needed to do was add a PREROUTING rule on my Stretch machine's iptables configuration because my Stretch machine's exim4 is not listening on the VPN interface, and I didn't want to change its configuration to make it do so because the VPN isn't always up and I don't want exim4 failing to start because the VPN hasn't been started when it starts during a reboot. So instead I am re-routing traffic coming into the Stretch machine via the VPN on the SMTP port to the machine's local physical IP address, where exim4 is listening. By NOT mucking around in POSTROUTING with the source address of the packets, the source remains the VPN IP address of the client machine, and thus replies from exim4 are correctly routed back through the VPN to the client. Perfect.

I made confusion for myself by initially trying to set the target address to 127.0.0.1 instead of my local physical IP; that didn't work, I suspect because the packets then become invalid because they are claiming to be local packets but have a source address that is off-machine. I contemplated for a few minutes what I'd have to do to work around that, and concluded that simply mapping to the physical private IP of the machine was cleaner, and allows for different machines on the VPN to leverage my Stretch box as a mail relay in the future should I have the need to do that (I don't today).

It works perfectly -- and more to the point of this thread, sSMTP was extremely simple to compile, is extremely simple to use, and does the job perfectly. Thanks to all who made suggestions. I did also download dma and will play around with that for learning's sake, but for now I'm going with sSMTP as a solution to this particular problem.

Mark
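
The PREROUTING redirect described in the message above, as an added example that is not part of the original post: it builds the DNAT rule for SMTP arriving on the VPN interface and refuses a loopback target. The interface name `tun0`, the address `192.168.1.10` and the helper names `is_ipv4` and `dnat_rule` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. tun0 and 192.168.1.10 are
# constructed placeholders for the VPN interface and the relay's LAN address.

# is_ipv4 ADDR: succeed only if ADDR is a dotted-quad with octets 0..255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the validated address on dots
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# dnat_rule VPN_IF LAN_IP: print the iptables arguments for the redirect.
# Returns 2 on bad input and 3 when the target is a loopback address.
dnat_rule() {
    vpn_if=$1
    lan_ip=$2
    [ -n "$vpn_if" ] || { echo "missing VPN interface" >&2; return 2; }
    is_ipv4 "$lan_ip" || { echo "bad address: $lan_ip" >&2; return 2; }
    case $lan_ip in
        127.*)
            # A packet that arrived on a non-loopback interface and is
            # rewritten to 127.0.0.0/8 is dropped by the kernel as a martian
            # unless net.ipv4.conf.<if>.route_localnet is enabled.
            echo "refusing loopback target $lan_ip" >&2
            return 3 ;;
    esac
    # -i restricts the redirect to traffic entering via the VPN, so port 25
    # on other interfaces is not exposed through this rule. No SNAT or
    # MASQUERADE is added: the MTA still sees the client's VPN address and
    # replies are routed back through the VPN.
    echo "-t nat -A PREROUTING -i $vpn_if -p tcp --dport 25" \
         "-j DNAT --to-destination $lan_ip:25"
}

# Print the rule for the placeholder values. To apply it as root:
#   iptables $(dnat_rule tun0 192.168.1.10)
dnat_rule tun0 192.168.1.10
```

Because the source address is preserved, the MTA's own relay access controls still need to permit the VPN client addresses.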