0

I started writing some scripts that back up my log files. Whenever an error is found in the log file, I want to send off an email to myself. However, I want to make sure that my server is not compromised, as I've heard that having SMTP/mail installed opens up new options for hackers.

Is there a tool that does not receive emails, but is only able to send them? Also, what security considerations would I need to take when installing it?

2 Answers

2

> However, I want to make sure that my server is not compromised as I've heard that having smtp/mail installed opens up new options for hackers

Any service can "open up new options for hackers" if it's poorly written. But for mail, both Postfix and Exim4 are very secure.

(In general, you'll be fine as long as you don't use a ten-year-old Sendmail. Current versions are secure, but I would recommend staying away from Sendmail anyway – the configuration file isn't exactly human-readable.)

> Is there a tool that does not receive emails, but is only able to send them?

Any MTA (Postfix, Exim4, Sendmail) can work this way – just configure it to listen on loopback addresses only (::1 and 127.0.0.1). You can even disable the SMTP component entirely – most Unix programs do not require it and send mail through /usr/sbin/sendmail [1], making SMTP unnecessary.

It's really not necessary against "hackers", though. The worst you can get with a decent MTA is leaving it open for relaying – and the default configurations already take care of that.

Another option is msmtp, which doesn't even have full SMTP support – all it can do is relay mail through another mail server, such as Gmail's or your ISP's. But while it's useful for a personal computer, it doesn't really fit into a server environment.


[1] "/usr/sbin/sendmail" is a program that comes with all MTAs, while "Sendmail" is the name of a specific MTA.

grawity
  • 501,077
2

Sending mail from a shell script is fairly easy as long as you have a standard MTA installed (Postfix, Exim4, Sendmail, etc.). Generally, to send you can use the mail command with appropriate arguments, echoing your email content to the program. For example:

echo "Error occurred in script at `date`" | mail -s "Error running script" youremail@domain.com

The -s argument specifies the subject, and you follow with the email recipient.

Another example:

grep -i error /path/to/yourfile.log | mail -s "Errors from script execution" youremail@domain.com

Check man mail for more options.

Another option, if you're running your script via cron, is to have cron automatically email the output from your script to you. Add the MAILTO option to your crontab as follows:

MAILTO=youremail@domain.com

and you'll receive an email with any output from stdout each time your script runs.

As for security, sending and receiving email are 2 completely different things. You can send email from your server without running a receiving mail server: simply don't run the SMTP daemon, or block access to incoming port 25 (SMTP) via a firewall if you don't need to receive email via this server.

JJ01
  • 221
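
Both answers come down to not exposing an SMTP listener beyond loopback. The following is an added example, not code from either answer, that checks this from listening-socket data; it assumes Linux `ss -H -ltn` output (local address in field 4), and the function name and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report SMTP listeners reachable from outside the host.
# Assumed input format: lines from `ss -H -ltn` (iproute2), e.g.
#   LISTEN 0 100 127.0.0.1:25 0.0.0.0:*

# exposed_smtp (hypothetical helper): reads ss lines on stdin and prints every
# local address:port that listens on port 25 and is NOT loopback
# (127.0.0.0/8 or ::1). Empty output means the MTA is send-only from the
# network's point of view.
exposed_smtp() {
    awk '{
        addr = $4
        n = match(addr, /:[0-9]+$/)      # locate the trailing :port
        if (!n) next
        port = substr(addr, n + 1)
        host = substr(addr, 1, n - 1)
        gsub(/[][]/, "", host)           # strip IPv6 brackets
        sub(/%.*$/, "", host)            # strip interface scope such as %lo
        if (port != "25") next
        if (host ~ /^127\./ || host == "::1") next
        print addr
    }'
}

# Constructed sample: MTA bound to loopback only, plus an unrelated SSH listener.
SAMPLE_LOCAL='LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: same host, but the MTA also listens on all IPv4 addresses.
SAMPLE_EXPOSED="$SAMPLE_LOCAL
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*"

# Demonstration on the constructed data; on a real host run:
#   ss -H -ltn | exposed_smtp
echo "loopback-only sample: [$(printf '%s\n' "$SAMPLE_LOCAL" | exposed_smtp)]"
echo "exposed sample:       [$(printf '%s\n' "$SAMPLE_EXPOSED" | exposed_smtp)]"
```

In Postfix, the loopback-only binding is `inet_interfaces = loopback-only` in main.cf; rerun the check after any MTA configuration change or package upgrade.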