Apticron is very easy to set up, it’s in the repositories and requires basically no configuration.  It will drop a script in /etc/cron.daily and that is about it, emailing any reports to root.  Of course this can be modified through a .forward or an entry in /etc/aliases.

Logcheck is fairly simple to set up as well – it is also in the repositories.  Once installed, edit the /etc/logcheck/logcheck.conf file to configure.  The first thing you will want to set is the REPORTLEVEL setting, options are “workstation”, “server” (default value), or “paranoid”.  I use server on mine, which gives a good amount of detail. I would advise against using paranoid unless the server is extremely locked down and users do not typically login.  Workstation is good for a desktop environment.  The only other variable I edited was SENDMAILTO.  Logcheck works by basically comparing each  logentry against a set of regular expressions and generate a report if it does not match.  I had to modify one or two regex’s slightly to fix false positives, if you want my changes just ask and I’ll send them over.

One other small gem I want to mention : gkrellm.  I use this on both my desktop and server, it is invaluable for providing real-time system performance metrics.  Sure, it does not have any logging capabilities and thus unsuitable in a large-scale environment but for keeping an eye on one or two boxes it fits the bill quite nicely.

Here are some basic configuration steps.  We will be using mail.myrelayhost.com and testing delivery to bob@aol.com as an example.  I have not tested this with DynDNS relaying in some time now but I see no reason that would prevent it from working if you use their service.  Note: These commands must be run with root permissions via sudo.

Configuration

1. Setup a password maps file /etc/postfix/sasl_passwd with the following:

   mail.myrelayhost.com    username:password

2. Secure it with the following:

   chown root:root /etc/postfix/sasl_passwd
   chmod 600 /etc/postfix/sasl_passwd
   postmap /etc/postfix/sasl_passwd

3. Edit /etc/postfix/main.cf, adding/or editing the following:

   relayhost = mail.myrelayhost.com:port
   smtp_sasl_auth_enable = yes
   smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

   You can also edit /etc/mailname to change the domain/hostname outbound emails appeared to be delivered from (assuming main.cf has an entry “myorigin = /etc/mailname” which should be there by default)

4. Reload postfix: [ postfix reload ]
5. SASL libraries may need to be installed. On my Hardy machines, I have the following packages installed:

   root@eternal:~# dpkg -l *sasl* | grep -G '^ii'
   ii  libgsasl7                                 0.2.21-1                            GNU SASL library
   ii  libsasl2-2                                2.1.22.dfsg1-18ubuntu2              Cyrus SASL - authentication abstraction libr
   ii  libsasl2-modules                          2.1.22.dfsg1-18ubuntu2              Cyrus SASL - pluggable authentication module

6. Optional: Since we are going this far it makes sense to configure /etc/aliases as well.  This will allow us to forward the mail delivered to a local user to an external address instead:

   root@eternal:~# cat /etc/aliases
   # Added by installer for initial user
   root:   rigel@mydomain.net
   adechiaro:  adechiaro@mydomain.net

Testing/Debugging Steps

1. Check to see if Postfix recognizes your password maps (should return your username/password):

   postmap -q mail.myrelayhost.com /etc/postfix/sasl_passwd

2. Do a basic outbound email delivery test to a working email account:

   echo "relaying works!" | mailx bob@aol.com

   Check /var/log/mail.log (or similar) to see if the message was delivered correctly:

   Oct 18 13:01:04 eternal postfix/pickup[6410]: A88AF25E79: uid=1000 from=<anthony>
   Oct 18 13:01:04 eternal postfix/cleanup[6507]: A88AF25E79: message-id=<20081025170104.A88AF25E79@eternal>
   Oct 18 13:01:04 eternal postfix/qmgr[6411]: A88AF25E79: from=<anthony@eternal>, size=397, nrcpt=1 (queue active)
   Oct 18 13:01:05 eternal postfix/smtp[6521]: A88AF25E79: to=<bob@aol.com>, relay=myrelayhost.com[208.67.217.132]:25, delay=0.55, delays=0.03/0.01/0.22/0.29, dsn=2.0.0, status=sent (250 OK id=1KtmVL-0000ol-RU)
   Oct 18 13:01:05 eternal postfix/qmgr[6411]: A88AF25E79: removed

3. If getting SASL authentication errors, check your postfix options (either postconf command or main.cf file).  By default Postfix will not send cleartext passwords.  If your host only allows PLAIN or LOGIN methods, you will need to remove noplaintext from the SASL security options:

   postconf -e smtp_sasl_security_options=noanonymous
   postfix reload

4. If you are using GMail SMTP (or other large-scale host which uses load balancing) I’ve read the following might be necessary:

   postconf -e smtp_cname_overrides_servername=no

   If this resolves the problem, it’s due to the fact the server you specify in sasl_passwd might actually get delivered to a server with a different hostname.  Port 587 may be necessary for GMail as well.

*No affiliation with DynDNS, except for being a satified customer

Update (Nov 02): I also found an application called ssmtp which does a similar thing, it may be easier to configure and use although I have no experience with it.  You can see how to configure it here.

Update 2 (Nov 12): Just recently saw an article from my ubuntu-tutorials.com RSS feed on SMTP relaying with Postfix through GMail.