OSSEC email notification failed to send an email

2019-06-17 06:23发布

站内问答 / 后端开发
1975 2 5

I am getting an error when trying to get the ossec features: email notification. I used my Gmail account for this case. I have tried this tutorial, but i couldn't get any email from that. I got the error log inside with warn Mail not accepted by server. It was located at /var/ossec/logs/ossec.log you could see the log below.

2017/10/06 20:05:18 os_sendmail(1764): WARN: Mail from not accepted by server
2017/10/06 20:05:18 ossec-maild(1223): ERROR: Error Sending email to 74.125.200$
2017/10/06 20:05:58 ossec-syscheckd: INFO: Starting syscheck scan (forwarding d$
2017/10/06 20:05:58 ossec-syscheckd: INFO: Starting syscheck database (pre-scan$
2017/10/06 20:05:58 ossec-syscheckd: INFO: Initializing real time file monitori$

Here are my configuration for email in ossec.conf located at /var/ossec/etc/ossec.conf

 <global>
    <email_notification>yes</email_notification>
    <email_to>myrealemailaccount@gmail.com</email_to>
    <smtp_server>smtp.gmail.com.</smtp_server>
    <email_from>ossecm@gantz-X450CC</email_from>
    <email_maxperhour>20</email_maxperhour>
    <email_from>myrealemailaccount@gmail.com</email_from>
  </global>

I have filled my <smtp_server> to smtp.gmail.com. And nothing's change. Its still got the error message at my ossec.log

How can i fix this ? I installing this application on Ubuntu Server: 16.04

2条回答
神经病院院长
2楼-- · 2019-06-17 07:10

I finally got the solution. For my case, i used Postfix to connect my account gmail to my localhost. If you have your own dedicated Email server, like in your server, it woud be great, rather than using gmail.

  1. Make sure you have update your linux. 

    apt-get update

  2. Install postfix via terminal , if you cant install postfix, try changing your repositories location in /etc/sources.list and than update your linux in using apt-get update, untill you can run below command

    sudo apt-get install postfix

    or

    sudo apt-get install mailutils

    that will install Postfix as well as a few other programs needed for . After that you will get option, choose Internet Site

  3. Configure the Postfix

    Search main.cf at /etc/postfix/main.cf, edit the file using nano. Add this syntax at the end of file.

    relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes

    Edit sasl_passwd at /etc/postfix/sasl_passwd, edit the file and add below line to sasl_passwd file:

    [smtp.gmail.com]:587    your_email_here:your_password here

    You should put your email that you want to as a sender of ossec email notification on that `sasl_pawd. Not as a receiver.

  4. Edit your /var/ossec/etc/ossec.conf, and change your SMTP to tour local ip like 127.0.0.1 or localhost

      <global>
   <email_notification>yes</email_notification>
   <email_to>your email that want to be send to</email_to>
   <smtp_server>localhost</smtp_server>
   <email_from>127.0.0.1</email_from> #if 127.0.0.1 didnt work ,try same email address which you put in your sasl passwd 
   <email_maxperhour>100</email_maxperhour>
  </global>

Updated 22/05/2018

For further configuration, please read this tutorial and this

查看更多
0人赞 添加讨论(0) 举报
欢心
3楼-- · 2019-06-17 07:22

You have two tags <email_from> Make sure you leave the gmail one. If not, make sure ossecm@gantz-X450CC is a valid domain.

Also not sure you've seen the extra dot in

<smtp_server>smtp.gmail.com.</smtp_server>
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)