Preface:
Server admin n00b here. I'm setting up a web server for our site (Ubuntu 8.04 LTS 64-bit). The web server is not used for processing inbound mail or outbound mail sent by actual mail users for the domain; all of that is handled separately (by a hosting service; I have neither the time nor the expertise to keep a mail system running properly).
So, three-part question:
-
Is there any need for sendmail, postfix, qmail, exim, etc. on the web server? E.g., for logwatch or other processes to send their notifications? This is a hosted dedicated server and came with mail pre-configured, but naturally if I don't need it, I want to reduce the attack surface — it's a publicly-facing server, after all.
-
If I don't need any of those installed, presumably I have to tell the server somewhere what SMTP server to use when sending mail? Or would that be per each package doing so (apticron, logwatch, etc.).
-
Again assuming I don't need mail services, what are the most popular config files in which I'd want to change the email address from "root" to something more appropriate to ensure that we do receive notifications? E.g.:
/etc/apticron/apticron.conf,/etc/logwatch/conf/logwatch.conf, …
Links very welcome indeed.
Thanks in advance!
Best Answer
You need the mail server so that your local processes (like logwatch) can send mail. However, you can configure the mail server to only listen on 127.0.0.1 not on all networks, and that means that outsiders can't use it. That will reduce your "attack surface" (good term, by the way, I've never heard it before).
The usual answer for part 3 of your question is to put in an alias in /etc/aliases or where-ever your chosen mail server keeps its alias file. By default, those files usually alias a whole bunch of things (like "webmaster" and "bin") to root, and then at the end of all those, you put in another alias that aliases root to you.