local MTA even if a reliable remote MTA is available

Question

I had a discussion with our development team to have a local MTA installed on the application server or if they should use the MTA server located on the internal network to send their emails. There are pros and cons for both solutions.

Pros: The program sending the email can deliver it to the local MTA and forget about delivery, retries or any errors which may arise.

Cons: the user sending the email may be informed to late that there was an issue on sending the mail. A program could detect immediately if the remote server is not available. Cons: Security. the local MTA must be configured adequately to ensure the security of the server Cons: an additional layer of complexity in the process.

In my view, we should keep it simple. We are not talking about a program which is talking to MTA servers which are not controlled by us and for which we do not know the state of it. In my view, having a local MTA is necessary if you are unsure about your counter parts however here, the program will deliver it to a "known" MTA system. So I think that the additional layer is not necessary. Furthermore having a local MTA on each system trying to send emails may also lead to additional problems/errors and more administrative tasks (maintenance/patching). Some may say that on Unix system you always have a local MTA (sendmail) running but in our organisation we strip down systems to the minimum to ensure that extra services are not running which could lead to a potential risk.

However, I would be very interested to know how you would design the infrastructure keeping in mind that you talk to a known/controlled/monitored MTA System. Or is it just a matter of viewpoint?

Many thanks for your feedback.

Yves

Answer 1

If the remote MTA ("... the MTA server located on the internal network ...") is under the same administration as the proposed local MTA would be and the latter would deliver to the remote MTA only (acting as a sort of a relaying 'smart host'), then there is no need for a local MTA.

The only question then is if the local applications/users sending mails could live with the potential additional risk of a network failure when trying to reach the remote MTA.

Answer 2

Local MTA, even if the remote server is under the same administration. At some point the remote MTA will have to be patched and rebooted. By going directly to the remote MTA it creates a hard dependency such that the application will encounter errors when the remote MTA is rebooted, etc. The application now needs to implement retry logic, communicate with multiple remote MTAs; basically become a lite MTA. The local MTA should still relay to the remote MTAs and not deliver email directly -- this make it easier to manager and secure email delivery.