I want to collect certain information from people/devices via email. These emails will never be delivered to anybody, but simply processed on the server. Received emails will be processed - some simply dropped, most stored (in a database), attachments may or may not be stored (but never executed) depending on certain conditions.
I have investigated using existing MTA software for this, and have come to the conclusion that it would be overkill and create complexity far above what is necessary for this purpose.
If I were to write my own MTA software I would need to implement a fairly limited subset of features - literally enough to receive emails, no sending whatsoever. I would keep the actual MTA software as thin as possible to minimize the amount of maintenance. So after the MTA software has received an email it would pass it (in its entirety) to a second piece of software which would perform the processing.
The emails are simply stored, to be retrieved in a web UI by the sender and anybody else they specifically allow only. Certain attachments will be stored, but never executed on the server and again only accessible by the sender of the original email and others they nominate.
I know very little about the world of network security - with such a limited server am I opening up a potential way in? I guess the answer to that question is always yes - but am I any less secure that with a well maintained, secure but full featured MTA software (like Postfix)?
If I haven't been specific or clear enough please let me know, thanks!
(The server will be Linux, likely Ubuntu. Software most likely written in C# under Mono, possibly Python or a mix (C# server, Python processing))
@ S. Lott I've spent the past 3 days exploring the option of using existing software and it seems my that my best solution would be Postfix > Procmail > my own processing. Postfix is a complete MTA solution which took a lot of configuration to get close to what I want - the complexity is largely an issue of configuration and getting 3rd party software to work together do do my bidding. I'm sure somebody well versed in configuring mail servers and administering nix servers in general would have a much easier time, but as I see it a custom solution wouldn't be a huge project - my only real concern was security.
Also with regards to overkill - I need a very limited subset of what Postfix does, and most of the configuration I was looking at was trying to disable certain behaviour. In many respects I would prefer to use mature, stable Postfix over my own solution, but I feel that the time already invested could have been used much more productively writing something specifically for the task.