Hi all. If you have for example an email server in your basement it is often blocked due to your dynamic ip address. Well, there is a relatively easy way to get around this. The only thing you have to do is set up an smarthost in your mta (e.g. sendmail, postfix, exim…).

What is a smarthost? A smarthost is an external email server, normally a well known one, where you have an email account, e.g. yahoo or hotmail. So as you guessed from the article title we are doing this now with postfix. Why postfix? Because postfix is really easy to configure and gets the job done like sendmail. This howto only describes how to set up the smarthost not how to install postfix. So here we go.

Let's say you want to configure the smarthost with postfix on a CentOS machine and send email over port 587, so open the config file and add some lines to your /etc/postfix/main.cf:

# vim /etc/postfix/main.cf

add:

relayhost = smarthost.domain.com:587
smtp_sasl_auth_enable = yes
smtp_use_tls = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

then we create /etc/postfix/smtp_auth and make the file only readable by root and postfix.

# touch /etc/postfix/smtp_auth && chown root:postfix /etc/postfix/smtp_auth && chmod 640 /etc/postfix/smtp_auth

open the previously created file and add some lines:

# vim /etc/postfix/smtp_auth

add:

smarthost.firma.zz       senduser:supersecret

now we have to create a lookup file from that file with

# postmap /etc/postfix/smtp_auth (this will create smtp_auth.db)

The postmap command has to be executed after every change to the smtp_auth file, please remember. If you do not so, postfix will never get notified about the changed file.

If you want your postfix server relay from outside to non-local domains add one of these lines:

smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination (postfix < 2.10)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination (postfix >= 2.10)

The last step is to restart postfix, done!

# /etc/init.d/postfix restart

have fun with your private mailserver! 🙂

hi, i don't know if you already had this problem with pfSense 1.2.3 but my havp or better said, clamd quits sometimes unexpectly. I searched the internet for some solutions but i couldn't find any. Some people were reporting that they had a hardware problem and that the freezing was solved after replacing e.g. the hard drive. Well, because i'm using a relatively new drive (or new compact flash as a drive), i wasn't too satisfied with this and wrote my own script to test the clamd socket and restart havp if needed.

My logs showed some of the following errors:

/var/log/havp/access.log:
{DATE} {IP} GET 200 {URL} 331+951 SCANERROR Detected dead scanner

/var/log/havp/havp.log:
{DATE} Scanner errors: Clamd: Could not read from scanner socket (lasturl: {URL})

So here is my script:

#! /usr/local/bin/php -qC
<?php
# open clamd socket
$socket = @fsockopen("localhost", 3310, $errno, $errstr, 1);
# if socket connection fails, restart clamd and havp
if (!$socket) {
    print "Unable to connect to CLAMD… socket down?\n";
    print "Stopping HAVP…\n";
    system("/usr/local/etc/rc.d/havp stop");
    print "Restarting CLAMD…\n";
    system("/usr/local/etc/rc.d/clamd stop");
    system("/usr/local/etc/rc.d/clamd start");
    print "Starting HAVP…\n";
    system("/usr/local/etc/rc.d/havp start");
}
# close socket
else fclose($socket);
?>

Save this to a file on the pfSense filesystem, set executable permissions on that file (chmod 755 <script>), add following lines to /etc/crontab and replace the <path_to_file> with your path and scriptname:

# check for havp every minute
*/1 * * * * root <path_to_file>

From then on, my pfSense box ran smoothly again.