0

I need fail2ban to send out email notifications to myself. It runs on a Debian 10 minimal install

All of the tutorials I found simply install the full email packages like Postfix or Sendmail, and move on. Moreover (and if I got it right) for the mail command to be available, I also need to install mailutils.

With merely those two, here's what I'm looking at:

root:~# apt-get install --no-install-recommends sendmail mailutils
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  guile-2.2-libs libgc1c2 libgsasl7 libkyotocabinet16v5 liblockfile1 libltdl7 liblzo2-2 libmailutils5 libmariadb3 libntlm0 libpython2.7 libsigsegv2 lockfile-progs m4 mailutils-common make mariadb-common mysql-common procmail
  sendmail-base sendmail-bin sendmail-cf sensible-mda
Suggested packages:
  m4-doc mailutils-mh mailutils-doc make-doc sendmail-doc rmail logcheck resolvconf sasl2-bin
The following NEW packages will be installed:
  guile-2.2-libs libgc1c2 libgsasl7 libkyotocabinet16v5 liblockfile1 libltdl7 liblzo2-2 libmailutils5 libmariadb3 libntlm0 libpython2.7 libsigsegv2 lockfile-progs m4 mailutils mailutils-common make mariadb-common mysql-common procmail
  sendmail sendmail-base sendmail-bin sendmail-cf sensible-mda
0 upgraded, 25 newly installed, 0 to remove and 1 not upgraded.
Need to get 2525 kB/12.1 MB of archives.
After this operation, 63.4 MB of additional disk space will be used.
Do you want to continue? [Y/n] n

(For Postfix the list is quite similar)

Sure enough I can continue, but my concerns are all the extra packages that I otherwise wouldn't install on this server (e.g. the database software), and the potential security issues that I otherwise wouldn't have faced. (Sure, I can block port 25, but it's still a few extra things to maintain on the system, times several systems; not having any of that at all seems like a much easier and safer option)

Aliasing Sendmail to go to an external SMTP isn't an option either, because I need this on multiple servers, and delivering and configuring SMTP passwords on each may be a hassle.

Is there a way to make fail2ban send out emails without this much overhead? I don't care if the email looks spammy; I will whitelist the sender server in my inbox to make sure it doesn't go to junk mail. That server will not be sending emails to anyone else.

Apparently, it's possible to send out an e-mail using just telnet. I was hoping there's a way to have fail2ban be able to do something similar easily - either with a script, or a tiny utility available with apt-get install. Am I asking for something realistic, or shut up and get Sendmail is my only option?

ᴍᴇʜᴏᴠ
  • 577
  • 1
  • 6
  • 20
  • @Lenniey I'm not sure: the other asker specifically doesn't want root@machinename, while I'm fine with it; the accepted answer is about exim4 which is not lightweight; the other answer mentions ssmtp, which [someone else claims is not in active development and therefore not secure](https://unix.stackexchange.com/questions/116805/how-to-install-postfix-for-sending-mails-to-admin-only/118101#comment459267_118101) – ᴍᴇʜᴏᴠ Jan 07 '20 at 18:53
  • Yes, but if you follow the rabbits hole you'll find [msmtp](https://marlam.de/msmtp/) or just use ssmtp, which is "old", but looks stable enough. – Lenniey Jan 08 '20 at 07:14
  • @Lenniey I did, and I also found `nullmailer`, and all three seem to depend on an external SMTP server, which I explicitly said I wanted to avoid. I'm still looking though if there's a way around that with any of them – ᴍᴇʜᴏᴠ Jan 08 '20 at 09:34
  • Well, you'll need _some_ mailserver _somewhere_... – Lenniey Jan 08 '20 at 09:37

0 Answers0