Postfix smtp relay on OS X Yosemite 10.10

I’m lazy, and for email testing this is great. Who doesn’t need an email relay at some point? As there was no off the shelf solution, here it is for Yosemite.

Define the relay host:
sudo vim /etc/postfix/main.cf
Add this section after the existing ‘relayhost’ example:
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_sasl_mechanism_filter = plain

Add your account for the relay to use.
sudo vim /etc/postfix/sasl_passwd
add:
[smtp.gmail.com]:587 name@somedomain.org:password

Make sure it starts at boot. If you don’t want this, skip this!
sudo vi /System/Library/LaunchDaemons/org.postfix.master.plist
after:
</dict>
add this:
<key>RunAtLoad</key>
<true/>

Finally:
sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

Then stop postfix:
sudo launchctl stop org.postfix.master
And start it again (so it reads the config changes):
sudo launchctl start org.postfix.master
sudo postfix start

Check it’s listening:
netstat -an | grep LISTEN | grep 25
It should output something like this:
tcp6 0 0 ::1.25 *.* LISTEN
tcp4 0 0 127.0.0.1.25 *.* LISTEN

You can test it like so:
df -kH | mail -s "contents" your@yourdomain.com
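
An added check for the setup above (not part of the original post): it reads main.cf, confirms that the password file and the sasl_passwd.db that postmap builds are not accessible to group or others, and reports when TLS to the relay is only opportunistic, which is what smtp_use_tls = yes gives. The function names and the temporary demo files are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Paths are arguments so the
# audit can be run against copies as well as /etc/postfix/main.cf.

# Print a main.cf parameter's value (the last assignment wins).
cf_get() {  # usage: cf_get PARAM MAIN_CF
    awk -F= -v k="$1" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0 }
        END { print v }' "$2"
}

# True only if FILE exists with no group/other permission bits set.
private_file() { [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Print one FINDING line per problem; exit status 1 if there were any.
audit_relay() {  # usage: audit_relay MAIN_CF
    cf=$1; bad=0
    map=$(cf_get smtp_sasl_password_maps "$cf")
    src=${map#*:}                          # drop the "hash:" table type
    for f in "$src" "$src.db"; do          # plaintext file and postmap output
        private_file "$f" || { echo "FINDING: $f missing or open to group/others"; bad=1; }
    done
    # smtp_use_tls=yes is opportunistic: mail and the SASL login can go out in
    # cleartext if STARTTLS is not offered. These levels make TLS mandatory.
    case $(cf_get smtp_tls_security_level "$cf") in
        encrypt|verify|secure|dane-only|fingerprint) ;;
        *) [ "$(cf_get smtp_enforce_tls "$cf")" = yes ] ||
           { echo "FINDING: TLS to the relay is not mandatory"; bad=1; } ;;
    esac
    return $bad
}

# Constructed demo: the post's settings, with the password file left at 644.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "smtp_sasl_password_maps = hash:$d/sasl_passwd" \
        'smtp_use_tls = yes' > "$d/main.cf"
    echo '[smtp.gmail.com]:587 name@somedomain.org:password' > "$d/sasl_passwd"
    chmod 644 "$d/sasl_passwd"
    audit_relay "$d/main.cf"; rc=$?
    rm -rf "$d"; return $rc
}
demo || true
```

To audit the live configuration, call audit_relay /etc/postfix/main.cf as root.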

Disclaimer:
1) You can screw your postfix if you don’t pay attention. Be careful.
2) gmail was used as an example. I’m not endorsed, sponsored or whatever.

This is based on:
Using MacOSX Lion command line mail with Gmail as SMTP
Mac OS X 10.10 Yosemite Postfix SASL authentication failed

How to setup NTPd on OS X

So if you would like to have a Mac acting as an NTP server, the steps are pretty straightforward. This works on all recent client and server versions of OS X.

1) Unload the ntp plist (most definitely needed on the server OS):
launchctl unload /System/Library/LaunchDaemons/org.ntp.ntpd.plist

2) Modify the ntp-restrict.conf
The following lines in the file:
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
Should become:
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer

Basically the ‘noquery’ needs to be removed.

3) Load the ntp plist.
launchctl load /System/Library/LaunchDaemons/org.ntp.ntpd.plist

That’s it! Piece of raw brownie (better than cake, trust me).
Then modify whatever box needs an NTP server to point to your freshly modified Mac.
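
An added helper, not from the original post: noquery is the flag that denies ntpq and ntpdc queries, so this lists each restrict entry and whether such queries are answered, which shows what the edit in step 2 opens up. The function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Reads ntpd "restrict" lines on
# stdin and reports, per entry, whether ntpq/ntpdc queries are answered.
# Both "noquery" and "ignore" deny those queries.

restrict_report() {
    awk '$1 == "restrict" {
        i = 2; fam = ""
        if ($i == "-4" || $i == "-6") { fam = $i " "; i++ }
        addr = $i; q = "open"
        for (j = i + 1; j <= NF; j++) {
            if ($j ~ /^#/) break                  # trailing comment
            if ($j == "mask") { j++; continue }   # skip the netmask value
            if ($j == "noquery" || $j == "ignore") q = "denied"
        }
        printf "%s%s: queries=%s\n", fam, addr, q
    }'
}

# True when a default entry answers ntpq/ntpdc queries from any address.
default_queries_open() { restrict_report | grep -q 'default: queries=open'; }

# The two versions of the lines from the post, as constructed input.
before() { printf '%s\n' 'restrict default kod nomodify notrap nopeer noquery' \
    'restrict -6 default kod nomodify notrap nopeer noquery'; }
after() { printf '%s\n' 'restrict default kod nomodify notrap nopeer' \
    'restrict -6 default kod nomodify notrap nopeer'; }

echo "before:"; before | restrict_report
echo "after:";  after  | restrict_report
```

Pipe the real file through restrict_report to see every entry, including any narrower ones that follow the defaults.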

Get the latest BlackBerry App World update; without getting stuck in the loop.

Browse to this link with your BB to get the latest App World update; without getting stuck in the ‘You need to update App World before you can download App World using the App World app’-loop.

http://mobileapps.blackberry.com/devicesoftware/entry.do?code=appworld

Solved: “[Firmware Bug] ACPI No _BQC method”, initial brightness problem when installing Linux

Tried to install OpenElec and Ubuntu on a mini-ITX Sapphire White system and every time I tried to run the installer, I got a blank screen.
So I booted OpenElec (and Ubuntu) without the ‘quiet’ option from the kernel parameters and I was able to see this error:

[Firmware Bug] ACPI No _BQC method, cannot determine initial brightness

My system is NOT a laptop so I don’t care about brightness. Searching for a solution on the internet got me nowhere; it involved recompiling kernels but that’s not very useful when I still need to install the Linux distribution.

But I found a solution! Forcing this entry into the kernel parameters while booting the installer:

acpi_backlight=vendor

… it solved my problems! So, OpenElec and Ubuntu are now installing without problems.

BUT, don’t forget to modify your installed distro to reflect the same parameter! If you use OpenElec, you’ll need to manually add the parameter when booting it, SSH into your box and remount the /flash mount as RW (mount -o remount,rw /flash), so you can edit the syslinux.cfg file and add the parameter.

Raspberry Pi (rPi) and Pi-Lite led board testing

Got this little gem: http://shop.ciseco.co.uk/pi-lite-lots-of-leds-for-the-raspberry-pi-0805-red/

And this python script to make it talk:

#!/usr/bin/env python

# Pi-Lite init part...
import serial
from time import sleep
baud = 9600
port = '/dev/ttyAMA0'
ser = serial.Serial(port, baud)
ser.timeout = 0
ser.flushInput()

# And from here, the actual programming !

import sys
# pyserial writes bytes, so encode the text (required on Python 3)
ser.write(sys.argv[1].encode())

Use it like this:

python write.py "Hello, my name is Dick"

Cisco SG300 / SG500 switch SSH Public key authentication

Argh! I wasn’t able to paste my public SSH key into the switch’s GUI (it keeps on giving me a very annoying error):

Invalid key string.
When a Key is entered, it should contain the “BEGIN” and “END” markers.

So, let’s try the CLI. I presume you already know how to handle a Cisco from the terminal.

- Enable ssh-server on the switch

switchxxxxxx(config)# ip ssh server

- Enable public key authentication

switchxxxxxx(config)# ip ssh pubkey-auth auto-login

- Add a user:

switchxxxxxx(config)# username martijn password SecretPassword privilege 15

- Then, add user’s public key

switchxxxxxx(config)# crypto key pubkey-chain ssh
switchxxxxxx(config-pubkey-chain)# user-key martijn rsa
switchxxxxxx(config-pubkey-key)# key-string

(paste your id_rsa.pub here)

- Check if the fingerprint is correct:

switchxxxxxx# show crypto key pubkey-chain ssh

Username         Fingerprint
---------------- -----------------------------------------------
martijn          35:ea:60:06:fc:d7:f7:d3:3b:d1:0f:10:63:f7:0b:02

Now try to ssh to your switch; no password should be asked.
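
An added example, not from the original post, for the fingerprint check: it computes the fingerprint of the local public key so it can be compared with the switch's output. It assumes the switch shows the classic MD5-of-key-blob fingerprint (the 16 colon-separated bytes suggest so); the function names and the sample key line are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes the switch prints the
# classic OpenSSH-style fingerprint: MD5 over the decoded key blob.

md5_hex() {  # md5sum on Linux, md5 on OS X
    if command -v md5sum >/dev/null 2>&1; then md5sum | cut -d' ' -f1
    else md5 -q; fi
}

# Print the colon-separated MD5 fingerprint of a one-line public key file.
pubkey_fp() {  # usage: pubkey_fp ~/.ssh/id_rsa.pub
    awk 'NF >= 2 { print $2; exit }' "$1" |   # field 2 is the base64 key blob
        base64 -d |                           # use -D on older OS X
        md5_hex | sed 's/../&:/g; s/:$//'
}

# Compare with the value copied from "show crypto key pubkey-chain ssh".
fp_matches() {  # usage: fp_matches KEYFILE FINGERPRINT
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(pubkey_fp "$1")" = "$want" ]
}

# Constructed stand-in for id_rsa.pub: the blob is just base64("hello").
demo_fp() {
    f=$(mktemp) || return 1
    echo 'ssh-rsa aGVsbG8= constructed' > "$f"
    pubkey_fp "$f"
    rm -f "$f"
}
demo_fp
```

With OpenSSH 6.8 or later, ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub prints the same kind of fingerprint.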

SkyCity 802.11n USB 2.0 driver for Windows

Bought a very cheap DealExtreme WiFi USB adapter with this info:

Driver Information for Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter / ECS H61H2-M3

Device Name: Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter
Hardware ID:
USB\VID_0BDA&PID_8176&REV_0200
USB\VID_0BDA&PID_8176 <-- Device ID matches with our database
Compatible IDs:
USB\CLASS_FF&SUBCLASS_FF&PROT_FF
USB\CLASS_FF&SUBCLASS_FF
USB\CLASS_FF
Version: 1006.1.713.2010,2010-07-13
Device Type: net
Driver Version: 1015.6.210.2012
OS Support: 2K,XP,2K3,VISTA,WIN7,WIN8/32bits
Driver Date: 2012-02-10
Manufacturer: Realtek Semiconductor Corp.

And finally found a working Windows driver:

http://www1.medion.de/downloads/index.pl?op=detail&id=11727&type=treiber&lang=us

Just wanted to share :-)

Sophos / Astaro UTM – Limit and separate SMTP Proxy IP addresses

As a default, Sophos / Astaro UTM’s SMTP Proxy listens on all external IP addresses. Quite annoying if you have an internal mail server that you want to let your external users use for sending (authenticated) emails, since UTM will intercept all SMTP traffic.

Here’s how I solved that (only works if you have at least 2 public IP addresses).

- NAT one external public IP address to your internal mail server (so forward at least ports 25, 465, 587); use the IP address that you use for, for example, mail.yourdomain.com. In this example I use 23.37.149.232 (WAN – FW2).
[Screenshot: NAT to mailserver]

- enable SMTP proxy on your UTM (your UTM will now listen on all your external public IP addresses)

- configure SMTP routing to forward MX emails to your internal server
[Screenshot: SMTP proxy routing]

- SSH to your UTM and become root

- with vi, edit this file: /var/storage/chroot-smtp/etc/exim.conf

- edit this line, remove the # and enter your public IP address to reflect your MX record (like mx.yourdomain.com):
local_interfaces = 23.37.149.233:81.37.153.126:59.94.132.164
(I have 3 SDSL lines on my Sophos UTM box; separate the entries with colons, as in the line above)

- restart your EXIM service:
/var/mdw/scripts/smtp restart

Check your SMTP Proxy log file, something like this should appear:
listening for SMTP on [23.37.149.233]:25 [23.37.149.233]:587 [81.37.153.126]:25 [81.37.153.126]:587 [59.94.132.164]:25 [59.94.132.164]:587

Done. Now, Sophos UTM will intercept your incoming MX traffic (and, if set up right, forward non-junk emails to your internal mail server) while the other IP address is usable for your users as an authenticated relay server. 23.37.149.232 is used directly by the mail server; 23.37.149.233, 81.37.153.126 and 59.94.132.164 are used by Sophos as incoming MX server.