2 files changed, 9 insertions, 3 deletions

diff --git a/roles/common/files/etc/postfix/master.cf b/roles/common/files/etc/postfix/master.cf
index dd49d31..d9722ef 100644
--- a/roles/common/files/etc/postfix/master.cf
+++ b/roles/common/files/etc/postfix/master.cf
@@ -16,20 +16,21 @@ tlsmgr    unix  -       -       -       1000?   1       tlsmgr
 rewrite   unix  -       -       -       -       -       trivial-rewrite
 bounce    unix  -       -       -       -       0       bounce
 defer     unix  -       -       -       -       0       bounce
 trace     unix  -       -       -       -       0       bounce
 verify    unix  -       -       -       -       1       verify
 flush     unix  n       -       -       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
 proxywrite unix -       -       n       -       1       proxymap
 smtp      unix  -       -       -       -       -       smtp
 relay     unix  -       -       -       -       -       smtp
 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
 showq     unix  n       -       -       -       -       showq
 error     unix  -       -       -       -       -       error
 retry     unix  -       -       -       -       -       error
 discard   unix  -       -       -       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       -       -       -       lmtp
 anvil     unix  -       -       -       -       1       anvil
 scache    unix  -       -       -       -       1       scache
+16132     inet  n       -       -       -       -       smtpd
diff --git a/roles/common/files/etc/samhain/samhainrc b/roles/common/files/etc/samhain/samhainrc
index 200cdc6..1fd9d42 100644
--- a/roles/common/files/etc/samhain/samhainrc
+++ b/roles/common/files/etc/samhain/samhainrc
@@ -495,70 +495,70 @@ SyslogSeverity=alert
 ## (this is not honoured on database initialisation)
 #
 # Daemon = no
 Daemon = yes
 
 ## whether to test signature of files (init/check/none)
 ## - if 'none', then we have to decide this on the command line -
 #
 # ChecksumTest = none
 ChecksumTest=check
 
 ## whether to drop linux capabilities that are not required
 ## - will make a root process a 'mere mortal' in many respects
 #
 # UseCaps = yes
 
 ## Set nice level (-19 to 19, see 'man nice'),
 ## and I/O limit (kilobytes per second; 0 == off)
 ## to reduce load on host.
 #
-# SetNiceLevel = 0
+SetNiceLevel = 19
 # SetIOLimit = 0
 
 ## The version string to embed in file signature databases
 #
 # VersionString = NULL
 
 ## Interval between time stamp messages
 #
 # SetLoopTime = 60
-SetLoopTime = 600
+SetLoopTime = 21600
 
 ## Interval between file checks 
 #
 # SetFileCheckTime = 600
 SetFileCheckTime = 7200
 
 ## Alternative: crontab-like schedule
 #
 # FileCheckScheduleOne = NULL
 
 ## Alternative: crontab-like schedule(2)
 #
 # FileCheckScheduleTwo = NULL
 
 ## Report only once on modified fles 
 ## Setting this to 'FALSE' will generate a report for any policy 
 ## violation (old and new ones) each time the daemon checks the file system.
 #
-# ReportOnlyOnce = True
+ReportOnlyOnce = True
 
 ## Report in full detail
 #
 # ReportFullDetail = False
 
 ## Report file timestamps in local time rather than GMT
 #
 # UseLocalTime = No
 
 ## The console device (can also be a file or named pipe)
 ## - There are two console devices. Accordingly, you can use
 ##   this directive a second time to set the second console device.
 ##   If you have not defined the second device at compile time,
 ##   and you don't want to use it, then:
 ##   setting it to /dev/null is less effective than just leaving
 ##   it alone (setting to /dev/null will waste time by opening
 ##   /dev/null and writing to it)
 #
 # SetConsole = /dev/console
 
@@ -574,41 +574,46 @@ SetFileCheckTime = 7200
 
 ## --- E-Mail ---
 
 # Only highest-level (alert) reports will be mailed immediately,
 # others will be queued. Here you can define, when the queue will
 # be flushed (Note: the queue is automatically flushed after
 # completing a file check).
 #
 SetMailTime = 86400
 
 ## Maximum number of mails to queue
 #
 SetMailNum = 10
 
 ## Recipient (max. 8)
 #
 SetMailAddress = admin@fripost.org
 
 ## Mail relay (IP address)
 #
+# XXX: it's unfortunate that samhain cannot use the sendmail binary. We
+# use a custom port here to avoid conflicts with the usual SMTP port the
+# MX:es need to listen on.
+# See also: /usr/share/doc/samhain/TODO.Debian
 SetMailRelay = 127.0.0.1
+SetMailPort = 16132
 
 ## Custom subject format
 #
 MailSubject = [Samhain at %H] %T: %S
 
 ## --- end E-Mail ---
 
 ## Path to the prelink executable
 #
 # SetPrelinkPath = /usr/sbin/prelink
 
 ## TIGER192 checksum of the prelink executable
 #
 # SetPrelinkChecksum = (no default)
 
 
 ## Path to the executable. If set, will be checksummed after startup
 ## and before exit.
 #
 # SamhainPath = (no default)