OSSEC email notification failed to send an email

Posted 2019-06-17 06:34

Question:

I am getting an error when trying to use the OSSEC email notification feature. I used my Gmail account for this case. I have tried this tutorial, but I couldn't get any email from it. I got an error in the log with the warning Mail not accepted by server. The log is located at /var/ossec/logs/ossec.log; you can see it below.

2017/10/06 20:05:18 os_sendmail(1764): WARN: Mail from not accepted by server
2017/10/06 20:05:18 ossec-maild(1223): ERROR: Error Sending email to 74.125.200$
2017/10/06 20:05:58 ossec-syscheckd: INFO: Starting syscheck scan (forwarding d$
2017/10/06 20:05:58 ossec-syscheckd: INFO: Starting syscheck database (pre-scan$
2017/10/06 20:05:58 ossec-syscheckd: INFO: Initializing real time file monitori$

Here is my configuration for email in ossec.conf, located at /var/ossec/etc/ossec.conf:

 <global>
    <email_notification>yes</email_notification>
    <email_to>myrealemailaccount@gmail.com</email_to>
    <smtp_server>smtp.gmail.com.</smtp_server>
    <email_from>ossecm@gantz-X450CC</email_from>
    <email_maxperhour>20</email_maxperhour>
    <email_from>myrealemailaccount@gmail.com</email_from>
  </global>

I have set my <smtp_server> to smtp.gmail.com, and nothing has changed. I still get the error message in my ossec.log.

How can I fix this? I am installing this application on Ubuntu Server 16.04.

Answer 1:

I finally got the solution. In my case, I used Postfix to connect my Gmail account to my localhost. If you have your own dedicated email server, like on your own server, that would be great, rather than using Gmail.

  1. Make sure you have updated your Linux.

    apt-get update
    
  2. Install Postfix via the terminal. If you can't install Postfix, try changing your repository locations in /etc/sources.list and then update your Linux using apt-get update, until you can run the command below:

    sudo apt-get install postfix
    

    or

    sudo apt-get install mailutils
    

    That will install Postfix as well as a few other programs needed for . After that you will get an option; choose Internet Site.

  3. Configure Postfix

    Find main.cf at /etc/postfix/main.cf and edit the file using nano. Add this syntax at the end of the file.

    relayhost = [smtp.gmail.com]:587
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous
    smtp_tls_CAfile = /etc/postfix/cacert.pem
    smtp_use_tls = yes
    

    Edit sasl_passwd at /etc/postfix/sasl_passwd and add the line below to the sasl_passwd file:

    [smtp.gmail.com]:587    your_email_here:your_password here
    

    You should put the email address that you want to use as the sender of the OSSEC email notification in sasl_passwd, not the receiver.

  4. Edit your /var/ossec/etc/ossec.conf, and change your SMTP server to your local IP, like 127.0.0.1 or localhost

      <global>
       <email_notification>yes</email_notification>
       <email_to>your email that want to be send to</email_to>
       <smtp_server>localhost</smtp_server>
       <email_from>127.0.0.1</email_from> <!-- if 127.0.0.1 didn't work, try the same email address which you put in your sasl_passwd -->
       <email_maxperhour>100</email_maxperhour>
      </global>
    

Updated 22/05/2018

For further configuration, please read this tutorial and this



Answer 2:

You have two <email_from> tags. Make sure you leave the Gmail one. If not, make sure ossecm@gantz-X450CC is a valid domain.

Also not sure you've seen the extra dot in

<smtp_server>smtp.gmail.com.</smtp_server>
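
The points raised in Answer 2 (a duplicated `<email_from>`, a sender without a valid domain, and the trailing dot in `<smtp_server>`) can be checked mechanically before restarting OSSEC. The script below is an added example, not part of the original posts or of OSSEC; `lint_global` and its finding codes are hypothetical names, and the sample input is the question's `<global>` block with the real address replaced by a placeholder.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <global> block from the question, with a placeholder address.
QUESTION_GLOBAL = """
<global>
  <email_notification>yes</email_notification>
  <email_to>user@example.com</email_to>
  <smtp_server>smtp.gmail.com.</smtp_server>
  <email_from>ossecm@gantz-X450CC</email_from>
  <email_maxperhour>20</email_maxperhour>
  <email_from>user@example.com</email_from>
</global>
"""

# A sender counts as well formed here if its domain has at least one dot and a TLD.
ADDR = re.compile(r"^[^@\s]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")


def lint_global(xml_text):
    """Return a list of (code, message) findings for one <global> block."""
    root = ET.fromstring(xml_text.strip())
    glob = root if root.tag == "global" else root.find(".//global")
    if glob is None:
        return [("no-global", "no <global> block found")]
    findings = []
    # Each of these settings should appear exactly once.
    for tag in ("email_from", "smtp_server"):
        values = [(e.text or "").strip() for e in glob.findall(tag)]
        if not values:
            findings.append((f"missing-{tag}", f"<{tag}> is not set"))
        if len(values) > 1:
            findings.append((f"duplicate-{tag}", f"<{tag}> appears {len(values)} times: {values}"))
    # The sender address should carry a fully qualified domain.
    for sender in ((e.text or "").strip() for e in glob.findall("email_from")):
        if not ADDR.match(sender):
            findings.append(("bad-sender", f"email_from {sender!r} has no fully qualified domain"))
    # Flag the extra dot pointed out in Answer 2.
    for server in ((e.text or "").strip() for e in glob.findall("smtp_server")):
        if server.endswith("."):
            findings.append(("trailing-dot", f"smtp_server {server!r} ends with a dot"))
    return findings


if __name__ == "__main__":
    for code, message in lint_global(QUESTION_GLOBAL):
        print(f"{code}: {message}")
```
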