Hi all:
I am not an actual sysadmin, not even part time. I don't know much about e-mail servers, and I get the shivers just by looking at the table of
contents of the documentation for Exim or Postfix.
I saw that Ubuntu 20.04 packages OpenSMTPD, so I thought I could give it a try. The documentation seems reasonable. There are however very few
examples, and the config syntax has allegedly changed relatively recently, so old examples on the Internet will probably not apply anymore.
As an example, I normally find the ArchWiki very useful, but the OpenSMTPD configuration this wiki suggests for relaying uses procmail, which
according to the same wiki is unmaintained:
https://wiki.archlinux.org/title/OpenSMTPD
Before investing more time reading documentation about the "interesting" mail
world, I thought maybe you could help.
My requirements are very simple. I need software like cron or Prometheus to be able to send notification e-mails, but I want to minimise risk and
admin overhead. The detailed requirements are:
- All local users should be able to send e-mail.

- No SMTP server that could be abused.
  Sending should work only with "mail", "sendmail", or whatever local tool you
  would normally use from the command line.

- Outgoing mail should get relayed to an external SMTP server. This happens to
  be at my ISP (at the moment).
  I can create an account on the ISP called
  [email protected] just for sending.

- The only 2 allowed recipients when sending from this system should be:
    [email protected]
    [email protected]
  Any other recipient should hopefully make "mail", "sendmail" or whatever yield
  a non-zero exit code straight away.
  The idea is to make it harder to abuse the local "sendmail" tool to spam the
  world from an unprivileged local account.
  I guess I could restrict the recipients on the ISP sender mailbox, but that
  depends on the ISP. Tomorrow I could have a different ISP.
  I could also install a relaying SMTP server on another local system that enforces the recipient limitations, but security does not have to be so tight
  to justify another layer of indirection.

- Bonus 1: The connection to the ISP SMTP must be encrypted, or the e-mail will
  not get sent.
  I wonder how I can handle this. There probably would be a bounced mail, but the local sender has no mail account to receive the bounce mail. And the
  bounce mail cannot be sent to an external e-mail address if the one and only relaying SMTP connection does not support encryption.

- Bonus 2: Restrict the local user accounts that can send mail without having
  to supply an authentication password when sending.
  OpenSMTPD would just have a list of local account names that are allowed to send. Otherwise, the extra administrative burden of creating accounts and
  passwords is not worth it.

Can someone here post an appropriate configuration file for OpenSMTPD? It does
not need to be complete, I just want something to start from.
I am guessing that such a simple setup should be useful for other people too.
When I get it running, I'll post it on my blog.
Or maybe my strategy does not really make sense and you have better suggestions.
Thanks in advance,
rdiez