I have a web application server running Ubuntu. The Application is built in Python/Django, but does not have any specific use cases to send email. We have log management software that allows us to check all logs, so we don't have any need for emailing logs or any such stuff.
We have tried to harden this box, but I noticed sendmail was installed & running plus I see "sendmail MTA : Accepting connections" when I "ps -ef | grep sendmail". A bit scary.
From a security aspect am I better of uninstalling sendmail (and postfix, for that matter) – because emails don't seem to be needed at all. If at all its essential, they need to be outgoing-only. Or is there an aspect of Linux that has a dependency on emails (I can think of git config, django admin accounts etc).
Best Answer
No, it's not required to have, but you break some things by not having it (like logrotate). It's easier to just use iptables and block the ports.