Smarthost with SMTP/TLS authentication with postfix

Hi all. If you have, for example, an email server in your basement, its mail is often blocked because of your dynamic IP address. Well, there is a relatively easy way to get around this. The only thing you have to do is set up a smarthost in your MTA (e.g. sendmail, postfix, exim…).

What is a smarthost? A smarthost is an external email server, normally a well known one, where you have an email account, e.g. yahoo or hotmail. So as you guessed from the article title we are doing this now with postfix. Why postfix? Because postfix is really easy to configure and gets the job done like sendmail. This howto only describes how to set up the smarthost not how to install postfix. So here we go.

Let's say you want to configure the smarthost with postfix on a CentOS machine and send email over port 587, so open the config file and add some lines to your /etc/postfix/main.cf:

# vim /etc/postfix/main.cf

add:

relayhost = smarthost.domain.com:587
smtp_sasl_auth_enable = yes
smtp_use_tls = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

Then we create /etc/postfix/smtp_auth and make the file readable only by root and postfix.

# touch /etc/postfix/smtp_auth && chown root:postfix /etc/postfix/smtp_auth && chmod 640 /etc/postfix/smtp_auth

Open the previously created file and add some lines:

# vim /etc/postfix/smtp_auth

add, using the relayhost value exactly as written in main.cf as the lookup key:

smarthost.domain.com:587       senduser:supersecret

Now we have to create a lookup file from that file with the following command (this will create smtp_auth.db):

# postmap /etc/postfix/smtp_auth

The postmap command has to be executed after every change to the smtp_auth file, so please remember it. If you do not, postfix will never get notified about the changed file.

If you want your postfix server to relay mail from outside to non-local domains, add one of these lines, depending on your postfix version.

postfix < 2.10:

smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination

postfix >= 2.10:

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination

The last step is to restart postfix, done!

# /etc/init.d/postfix restart
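A check for the setup above, added here as an example and not part of the original howto. It flags opportunistic TLS (smtp_use_tls = yes still sends mail, and the SASL password, in clear when the server does not offer STARTTLS, while smtp_tls_security_level = encrypt refuses to), a credentials entry that does not match relayhost, a world-readable smtp_auth and a stale smtp_auth.db. The function names and the sample files written by demo are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a Postfix smarthost setup (not from the original howto).

# Print the value of "name = value" from a main.cf-style file (last one wins).
cf_get() {
    awk -F'[ \t]*=[ \t]*' -v n="$2" '$1 == n { v = $2 } END { print v }' "$1"
}

# check_smarthost MAIN_CF SMTP_AUTH: print one line per finding.
check_smarthost() {
    cf=$1; auth=$2
    relay=$(cf_get "$cf" relayhost)
    level=$(cf_get "$cf" smtp_tls_security_level)

    # 1. Only these levels refuse to send (and to authenticate) without TLS.
    #    smtp_use_tls = yes is opportunistic, so it is reported here.
    case $level in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) echo "TLS not enforced: set smtp_tls_security_level = encrypt" ;;
    esac

    # 2. Conservative rule: the map key is the relayhost as written in main.cf.
    if ! awk -v k="$relay" 'NF && $1 == k { ok = 1 } END { exit !ok }' "$auth"; then
        echo "no credentials entry for relayhost '$relay'"
    fi

    # 3. The password file must not be readable by "other".
    if [ -n "$(find "$auth" -perm -004)" ]; then
        echo "$auth is world-readable"
    fi

    # 4. postmap has to be re-run after every edit of the source file.
    if [ ! -f "$auth.db" ] || [ -n "$(find "$auth" -newer "$auth.db")" ]; then
        echo "$auth.db missing or older than $auth: run postmap"
    fi
}

# Constructed sample: opportunistic TLS, mismatched map key, no .db yet.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'relayhost = smarthost.domain.com:587' 'smtp_use_tls = yes' > "$d/main.cf"
    printf '%s\n' 'other.example.com  senduser:supersecret' > "$d/smtp_auth"
    chmod 640 "$d/smtp_auth"
    check_smarthost "$d/main.cf" "$d/smtp_auth"
    rm -rf "$d"
}
demo
```

On a real system, call check_smarthost /etc/postfix/main.cf /etc/postfix/smtp_auth as root; no output means none of the four problems was found.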

 

have fun with your private mailserver! 🙂

HAVP/CLAMAV freezing on pfSense 1.2.3

Hi, I don't know if you already had this problem with pfSense 1.2.3, but my havp, or better said clamd, sometimes quits unexpectedly. I searched the internet for some solutions but I couldn't find any. Some people were reporting that they had a hardware problem and that the freezing was solved after replacing e.g. the hard drive. Well, because I'm using a relatively new drive (or new compact flash as a drive), I wasn't too satisfied with this and wrote my own script to test the clamd socket and restart havp if needed.

My logs showed some of the following errors:

/var/log/havp/access.log:
{DATE} {IP} GET 200 {URL} 331+951 SCANERROR Detected dead scanner

/var/log/havp/havp.log:
{DATE} Scanner errors: Clamd: Could not read from scanner socket (lasturl: {URL})

So here is my script:

#! /usr/local/bin/php -qC
<?php
# open clamd socket
$socket = @fsockopen("localhost", 3310, $errno, $errstr, 1);
# if socket connection fails, restart clamd and havp
if (!$socket) {
    print "Unable to connect to CLAMD... socket down?\n";
    print "Stopping HAVP...\n";
    system("/usr/local/etc/rc.d/havp stop");
    print "Restarting CLAMD...\n";
    system("/usr/local/etc/rc.d/clamd stop");
    system("/usr/local/etc/rc.d/clamd start");
    print "Starting HAVP...\n";
    system("/usr/local/etc/rc.d/havp start");
} else {
    # close socket
    fclose($socket);
}
?>

Save this to a file on the pfSense filesystem, set executable permissions on that file (chmod 755 <script>), add the following lines to /etc/crontab and replace <path_to_file> with your path and script name:

# check for havp every minute
*/1 * * * * root <path_to_file>

From then on, my pfSense box ran smoothly again.

Spindown/Standby HDD (Linux)

Hi, this is for everyone who already wanted to know how to spin down the disks on Linux and save some energy. It's quite easy, just enter the following command in your terminal:

# hdparm -S 241 /dev/sda

This will spin down the specified disk (sda) after 30 minutes of inactivity. Here is a small explanation of the time parameter:

 -S:
Set the standby (spindown) timeout for the drive. This value is used by the drive to determine how long to wait  (with no disk activity)  before turning off the spindle motor to save power. Under such circumstances, the drive may take as long as 30 seconds to respond to a subsequent disk access, though most drives are much quicker. The encoding of the timeout value is somewhat peculiar.  A value of zero means "timeouts are disabled": the device will not automatically enter standby mode.  Values from 1 to 240 specify multiples of 5 seconds, yielding timeouts from 5 seconds to 20 minutes. Values from 241 to 251 specify from 1 to 11 units of 30 minutes, yielding timeouts from 30 minutes to 5.5 hours. A value of 252 signifies a timeout of 21 minutes. A value of 253 sets a vendor-defined timeout period between 8 and 12 hours, and the value 254 is reserved.  255 is interpreted as 21 minutes plus 15 seconds. Note that some older drives may have very different interpretations of these values.

Don't forget to reboot after you have entered the command.