Hello all,

As I wrote this I began to consider this is slightly OT for this list; my apologies for not putting OT in the subject line but mutt won't let me go back and edit the subject line.

Short version: Is it reasonable to expect a piece of software to exist that establishes a direct connection to a "remote" MTA and delivers mail there for delivery, without also offering up mail reception capabilities? If it is, what would that software be? Or alternatively, is there a failsafe way to configure one of the MTAs (I have no strong allegiance to any MTA, although the only one I have experience with is exim4) such that even if I miss a configuration step it won't be contactable from outside? To be clear, I only wish to be able to send mail in one direction in this scenario...

The more detailed background: My ISP has recently developed the unfortunate habit of changing my IP address moderately frequently. They're allowed -- I'm cheap so I haven't paid for a fixed IP. I'm shortly going to be moving so now really isn't a good time to reconsider that position. They still aren't changing it crazily frequently, but I now run an OpenVPN server at home and it is a bit inconvenient when they change my home IP and I don't notice before going on a business trip or something. I'd like to set up an alert that lets me know when my external IP address has changed.

The box that is in a position to notice that the IP address has changed is on the outer edge of my network connected directly to the internet. It runs LFS. Deeper inside my network, accessible from the LFS box via the VPN, is a Debian Stretch machine where I do most of my work. I've created a very simple script that is capable of parsing the output of "ip addr" and comparing the returned IP address for the relevant interface to a stored IP address, and thus being able to tell if the IP address has changed. What I'd like to do now is make a means for the LFS box to be able to notify me of the fact that the external-facing IP address has changed.

My Debian machine runs exim4 and has a reasonably basic setup that allows it to accept mails from other machines on the network (although I may need to fiddle around with getting mail to come through the VPN) and deliver it either locally or using a friendly mail provider as a smarthost. I've successfully sent and received mail between this machine and a Buster machine on the same network; those two machines can see each other without the VPN. The Buster machine was also running exim4.

The LFS machine is, by design, very sparsely configured with only software I truly needed installed. I am willing to add software but wish to minimise the risk of installing something that opens up external-facing vulnerabilities as much as possible. What I'd really like is a piece of software that can reach out to my Stretch machine through the VPN to present an email for delivery without offering a local MTA that, improperly configured, might end up listening to the outside world and thus present a security risk.

I've looked at sendmail, postfix and of course exim4, and these are MTAs which could certainly do the job but which also present the risk of listening to the internet, especially if I do something stupid in the configuration, which is entirely feasible. And from some basic tests I did on my Stretch machine I think the mail command expects there to be a local MTA for it to talk to...

My image of an ideal solution is a piece of software that can present email to a remote MTA (i.e. an MTA not on the local machine) for delivery, but is not itself an MTA, and certainly has no capability to listen for incoming mail.

Thanks in advance

Mark
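
Added example, not part of the original post: the one-directional behaviour asked for above is what a plain SMTP client library provides, since it only makes an outbound connection to the remote MTA and never binds a listening socket. The code below uses Python's standard smtplib; the interface name eth0, the state-file path, the mail addresses and the relay address 10.8.0.1 are assumptions, and the `ip addr` sample is constructed.

```python
import re
import smtplib
from email.message import EmailMessage
from pathlib import Path

# Constructed sample of `ip addr` output (documentation address range).
SAMPLE_IP_ADDR = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 203.0.113.42/24 brd 203.0.113.255 scope global dynamic eth0
       valid_lft 3000sec preferred_lft 3000sec
    inet6 fe80::ff:fe00:1/64 scope link
"""

def external_ipv4(ip_addr_output):
    """Return the first global-scope IPv4 address in `ip addr` output, or None."""
    m = re.search(r"^\s*inet (\d+\.\d+\.\d+\.\d+)/\d+ .*\bscope global\b", ip_addr_output, re.M)
    return m.group(1) if m else None

def address_changed(current, state_file):
    """Compare with the stored address and update it. The first run only records."""
    path = Path(state_file)
    previous = path.read_text().strip() if path.exists() else None
    if current is None or current == previous:
        return False  # interface has no address, or nothing changed
    path.write_text(current + "\n")
    return previous is not None

def build_alert(new_ip, sender, recipient):
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"External IP changed to {new_ip}"
    msg.set_content(f"The external interface now has address {new_ip}.\n")
    return msg

def submit(msg, relay_host, relay_port=25):
    """Outbound only: one TCP connection to the relay, no listening socket."""
    with smtplib.SMTP(relay_host, relay_port, timeout=30) as smtp:
        smtp.send_message(msg)

if __name__ == "__main__":
    import subprocess
    # Assumed names: interface eth0, state file, addresses, relay reached over the VPN.
    out = subprocess.run(["ip", "-4", "addr", "show", "dev", "eth0"],
                         capture_output=True, text=True).stdout
    ip = external_ipv4(out)
    if address_changed(ip, "/var/lib/ipwatch/last_ip"):
        submit(build_alert(ip, "ipwatch@lfs.example", "mark@stretch.example"), "10.8.0.1")
```

Run from cron on the edge box, this leaves no daemon resident between checks; `ss -ltn` on that box can confirm that nothing is listening on port 25.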