Posts

Using Homebridge and Broadlink RM Mini to automate

Image
In this post, I'll be documenting how I configured a Broadlink RM Mini to work with HomeKit using the Homebridge server I built in my last post . The Broadlink RM Mini is a small IR Blaster that sits on the coffee table and sends IR signals when requested. They're cheap, and they work: In hindsight, for a little more you can also get the RM Pro which (I found out later) includes a thermometer. I added a DS18D20 thermometer to my Raspberry Pi to get around this mess up. To start with, you'll need to unpack your RM Mini and get it setup on your network. To do this, you'll need to download their "e-Control" app and follow through the setup. There's a good summary of these steps here: https://spectrum.co.ae/blogs/technology/how-to-configure-broadlink-devices, you can just stop before step 5 if you don't plan to use the e-Control application. Now we need to add homebridge-broadlink-rm to our Raspberry Pi. Connect to the pi console, SSH or local

Using HomeBridge on a Raspberry Pi to control devices from HomeKit

Image
If you’ve got a selection of devices that you’d like to control using iOS HomeKit, setting up homebridge might be a good solution. In short, it’s a platform which acts as a “bridge” between your devices and “HomeKit”. There are MANY plugins available for it: https://www.npmjs.com/search?q=homebridge. Here’s how I use it: I have a Broadlink RM Mini that controls my AC, TV, Radio and a digital photo frame using homebridge-broadlink-rm: https://www.npmjs.com/package/homebridge-broadlink-rm  I have it enable/disable an indoor camera using MotionEye using homebridge-script2: https://www.npmjs.com/package/homebridge-script2  With all those plugins, the options are almost endless if the device is connected to the network. To do this I use a Raspberry Pi 2. To get started, you’ll need to have raspbian installed and running. To do this, there are various guides available, including this official one: https://projects.raspberrypi.org/en/projects/raspberry-pi-getting-started. Now we c

Setup your own email server (MTA) on the cheap - part 7

All going well, this should be the last part of my posts about configuring Postfix as an MTA . This configuration arose because I happened to be looking at my mail.log file while someone in the Ukraine was trying again and again to log in to my server. So, I installed Fail2Ban. Fail2Ban is a clever tool that watches the log files you configure and when suspicious activity is found, it uses iptables (a linux firewall) to block the source of traffic. This tool is built for our setup so it’s relatively straight forward to setup: 1. Install Fail2Ban: sudo apt-get install fail2ban  2. In your favourite editor, create a file /etc/fail2ban/jail.local . This is where all the rules should be customised. Default rules are in jail.conf but these should be left (and will be updated in new versions) so customisation are all in your local file. This is the text I add to my jail.local file: 4. Finally, reload everything and you should be on your way sudo service fail2ban restart

Setup your own email server (MTA) on the cheap - part 6

You’ve now got an MTA using PostFix and it works beautifully – and in my case it has been for a month now. If you’re paying attention there are a couple of things you may have noticed. When you go to “Show Original” in Gmail it shows that SPF on incoming messages has failed. After a while Gmail’s SMTP server will respond that they’re throttling you because of the quantity of suspicious mail you send. Gmail doesn’t actually have an issue with the quantity of mail, it has an issue with the quantity of messages that are failing DKIM or, in our case, SPF.  Fortunately, some people smarter than me have already thought of this issue and built postsrsd. Here’s what I did to set this up: 1. Install postsrsd, of course: sudo apt-get install postsrsd 2. Update postfix to use postsrsd: sudo postconf -e "sender_canonical_maps = tcp:127.0.0.1:10001" sudo postconf -e "sender_canonical_classes = envelope_sender" sudo postconf -e "recipient_canonical_maps

Setup your own email server (MTA) on the cheap - part 5

Our PostFix based MTA has been running well now, and all these last changes are just securing the server from SPAM and Viruses. Traditionally SPF was a great protection from SPAM which works by comparing the server sending the message to a DNS record to confirm the validity of the sending server. A great system but it's far from perfect, and most implementations could be generously described as half arsed. To improve on SPF DKIM has been developed which uses keys to sign sent messages, then the receiving server can pull a DNS record to confirm the validity of the mail it's receiving. To do this we're going to install and use opendkim.     1. Install opendkim, of course:      sudo apt-get install opendkim opendkim-tools     2. Open /etc/opendkim.conf in your favourite editor and set these four lines:      Domain          mydomain.com      KeyFile         /etc/postfix/dkim.key      Selector        mail      SOCKET          inet:8891@localhost     2a. I've complic

Setup your own email server (MTA) on the cheap - part 4

We’ve already built our POSTFIX based MTA and its relaying mail to our target mailbox. We’ve already added SPAM Protection, but what about Viruses. ClamAV is a well-known, and well reputed, antivirus for Linux. They also have a daemon called clamsmtp which we can have look over our mail and make sure we’re not passing along any viruses. These are the steps I followed to add AV scanning.     1. First, let’s install ClamAV and ClamSMTP      sudo apt-get install clamsmtp     2. Now, let’s configure it. Open /etc/clamsmtpd.conf in your favourite editor. Most lines will be left but update these two configuration lines      This bug appears to be resolved in the latest version.     3. There is a small bug at the moment with permissions on some files, to correct these, run these commands:      sudo chown -R clamav:clamav /var/run/clamav/      sudo chown -R clamav:clamav /var/spool/clamsmtp      sudo chown -R clamav:clamav /var/run/clamsmtp/     4. Now, let’s hook it in to PO

Setup your own email server (MTA) on the cheap - part 3

Now we’ve got everything working with our MTA , we need to lock it down. If you’re redirecting SPAM to Gmail there’s a risk that they’ll identify you as a SPAMMER and blacklist your IP address. To reduce this risk, we’ll install SpamAssassin to filter messages before we forward them.        1. First, install SpamAssassin      sudo apt-get install spamassassin     And its requirements:      sudo apt-get install libmail-dkim-perl libcrypt-openssl-random-perl libcrypt-openssl-rsa-perl     2. Setup a user and group for the daemons:      sudo groupadd spamd      sudo useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd     3. Setup a folder for the logs:      sudo mkdir /var/log/spamassassin      sudo chown spamd:spamd /var/log/spamassassin     4. Now, the fun starts. Update the configuration. First, edit /etc/spamassassin/local.cf. you can have some fun tweaking things here but these are the settings I change, and they work well for me:     5. Configur