SMTP server with authentication not working


Naser Aslam

Apr 28, 2022, 11:58:39 AM
to Wazuh mailing list
Hi dear wazuh community,
I have configured an SMTP server using postfix as relay. My configuration and log files are given below.

Configuration in /etc/postfix/main.cf
`myhostname = d-svr-waz-wm
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, wazuh.cluster, localhost, localhost.localdomain, localhost
relayhost = smtp.mxthunder.net:587
smpt_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls = yes`

Step 3: Configure the email address and password:
`echo smtp.mxthunder.com:587 dataperfect.com:PASSWORD > /etc/postfix/sasl_passwd`

But second step in step no. 3 is as follows.
postmap /etc/postfix/sasl_passwd # This shows error as bash: postmap: command not found

Configuration in /var/ossec/etc/ossec.conf
<ossec_config>
  <global>
    <jsonout_output>yes</jsonout_output>
    <alerts_log>yes</alerts_log>
    <logall>no</logall>
    <logall_json>no</logall_json>
    <email_notification>yes</email_notification>
    <smtp_server>localhost</smtp_server>
    <email_from>hafiznas...@gmail.com</email_from>
    <email_to>hafiznas...@gmail.com</email_to>
    <email_maxperhour>12</email_maxperhour>
    <email_log_source>alerts.log</email_log_source>
    <agents_disconnection_time>10m</agents_disconnection_time>
    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
  </global>

Logs in /var/log/mail.info
`Apr 28 08:50:52 d-svr-waz-wm postfix/pickup[16529]: 359E4441068: uid=0 from=<hafiznas...@gmail.com>
Apr 28 08:50:52 d-svr-waz-wm postfix/cleanup[16661]: 359E4441068: message-id=<20220428155052.359E4441068@d-svr-waz-wm>
Apr 28 08:50:52 d-svr-waz-wm postfix/qmgr[12121]: 359E4441068: from=<hafiznas...@gmail.com>, size=371, nrcpt=1 (queue active)
Apr 28 08:50:52 d-svr-waz-wm postfix/smtp[16663]: 359E4441068: to=<hafiznas...@gmail.com>, relay=smtp.mxthunder.net[108.60.195.205]:587, delay=0.61, delays=0.03/0.02/0.5/0.05, dsn=5.7.1, status=bounced (host smtp.mxthunder.net[108.60.195.205] said: 530 5.7.1 Authentication required (in reply to MAIL FROM command))
Apr 28 08:50:52 d-svr-waz-wm postfix/cleanup[16661]: D6877441069: message-id=<20220428155052.D6877441069@d-svr-waz-wm>
Apr 28 08:50:52 d-svr-waz-wm postfix/bounce[16664]: 359E4441068: sender non-delivery notification: D6877441069
Apr 28 08:50:52 d-svr-waz-wm postfix/qmgr[12121]: D6877441069: from=<>, size=2393, nrcpt=1 (queue active)
Apr 28 08:50:52 d-svr-waz-wm postfix/qmgr[12121]: 359E4441068: removed
Apr 28 08:50:53 d-svr-waz-wm postfix/smtp[16663]: D6877441069: to=<hafiznas...@gmail.com>, relay=smtp.mxthunder.net[108.60.195.205]:587, delay=0.57, delays=0/0/0.51/0.05, dsn=5.7.1, status=bounced (host smtp.mxthunder.net[108.60.195.205] said: 530 5.7.1 Authentication required (in reply to MAIL FROM command))
Apr 28 08:50:53 d-svr-waz-wm postfix/qmgr[12121]: D6877441069: removed`


Logs in /var/log/mail.log
`Apr 28 08:50:52 d-svr-waz-wm postfix/pickup[16529]: 359E4441068: uid=0 from=<hafiznas...@gmail.com>
Apr 28 08:50:52 d-svr-waz-wm postfix/cleanup[16661]: 359E4441068: message-id=<20220428155052.359E4441068@d-svr-waz-wm>
Apr 28 08:50:52 d-svr-waz-wm postfix/qmgr[12121]: 359E4441068: from=<hafiznas...@gmail.com>, size=371, nrcpt=1 (queue active)
Apr 28 08:50:52 d-svr-waz-wm postfix/smtp[16663]: 359E4441068: to=<hafiznas...@gmail.com>, relay=smtp.mxthunder.net[108.60.195.205]:587, delay=0.61, delays=0.03/0.02/0.5/0.05, dsn=5.7.1, status=bounced (host smtp.mxthunder.net[108.60.195.205] said: 530 5.7.1 Authentication required (in reply to MAIL FROM command))
Apr 28 08:50:52 d-svr-waz-wm postfix/cleanup[16661]: D6877441069: message-id=<20220428155052.D6877441069@d-svr-waz-wm>
Apr 28 08:50:52 d-svr-waz-wm postfix/bounce[16664]: 359E4441068: sender non-delivery notification: D6877441069
Apr 28 08:50:52 d-svr-waz-wm postfix/qmgr[12121]: D6877441069: from=<>, size=2393, nrcpt=1 (queue active)
Apr 28 08:50:52 d-svr-waz-wm postfix/qmgr[12121]: 359E4441068: removed
Apr 28 08:50:53 d-svr-waz-wm postfix/smtp[16663]: D6877441069: to=<hafiznas...@gmail.com>, relay=smtp.mxthunder.net[108.60.195.205]:587, delay=0.57, delays=0/0/0.51/0.05, dsn=5.7.1, status=bounced (host smtp.mxthunder.net[108.60.195.205] said: 530 5.7.1 Authentication required (in reply to MAIL FROM command))
Apr 28 08:50:53 d-svr-waz-wm postfix/qmgr[12121]: D6877441069: removed`

Please let me know if you want anything else from my side. Thanks!

Carlos Ezequiel Bordon

Apr 28, 2022, 2:31:51 PM
to Wazuh mailing list
Hi hafiznaseraslam92, regarding this error: bash: postmap: command not found. It is because postmap is not installed. This package should have been installed with the postfix package, which the documentation indicates should be installed. Have you installed it? You can check whether you have the postfix package on the system by executing: postfix status.

Can you tell us on what system you are doing the installation, so that we can give you more help?

Naser Aslam

Apr 28, 2022, 3:07:59 PM
to Carlos Ezequiel Bordon, Wazuh mailing list
Hi Carlos,
I did install it on Wazuh-manager, in fact the master. Yes, postfix is active. You can check the screenshot.

Secondly, there was no information on the guideline to install or anything about postmap. You can have a look if I am missing something.

Thanks a lot in advance for your help!

image.png




Regards
Hafiz Naser Aslam
Research Officer in "High Performance Computing & Networking Lab"
Al-Khawarizmi Institute Of Computer Science (KICS)
University Of Engineering and Technology (UET), Lahore



Carlos Ezequiel Bordon

Apr 28, 2022, 4:02:34 PM
to Wazuh mailing list
Postmap should be included in the postfix package installation; at least on CentOS or Ubuntu it is included. On which system are you performing the installation?

Another possibility is that postmap is not included in your PATH.
Check where the binary is located with one of the following options:
[root@centos7-1 ~]# which postmap
/sbin/postmap
[root@centos7-1 ~]# find / -name postmap
/usr/sbin/postmap

Naser Aslam

Apr 28, 2022, 7:11:39 PM
to Carlos Ezequiel Bordon, Wazuh mailing list
Hi Carlos,
I am using Debian 11. The OS information is given below.
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian

Secondly, the postmap file is present on both paths, i.e., /sbin/ and /usr/sbin/.
The screenshots are attached below.




Regards
Hafiz Naser Aslam
Research Officer in "High Performance Computing & Networking Lab"
Al-Khawarizmi Institute Of Computer Science (KICS)
University Of Engineering and Technology (UET), Lahore
Screenshot_41.png
Screenshot_42.png

Naser Aslam

Apr 28, 2022, 7:31:52 PM
to Carlos Ezequiel Bordon, Wazuh mailing list
Hi Carlos,
I have updated the path, I used postmap -v
It displays the following information. Please have a look at the attached screenshot. 

image.png


Regards
Hafiz Naser Aslam
Research Officer in "High Performance Computing & Networking Lab"
Al-Khawarizmi Institute Of Computer Science (KICS)
University Of Engineering and Technology (UET), Lahore

Naser Aslam

Apr 29, 2022, 3:03:23 AM
to Carlos Ezequiel Bordon, Wazuh mailing list
Hi Carlos,
I have updated the path and restarted the postfix service, but I am still unable to send any email.

I tried the following test command to send email but received no response in my inbox or spam folder.
echo "Test mail from postfix" | mail -s "Test Postfix" -r "hafiznas...@gmail.com" hafiznas...@gmail.com

image.png


Regards
Hafiz Naser Aslam
Research Officer in "High Performance Computing & Networking Lab"
Al-Khawarizmi Institute Of Computer Science (KICS)
University Of Engineering and Technology (UET), Lahore

Carlos Ezequiel Bordon

Apr 29, 2022, 7:43:29 AM
to Wazuh mailing list
I see that the configuration was done with a domain of smtp.mxthunder.net, while you are trying to send an email from a Gmail account.

Can you validate that this configuration is correct?
echo [smtp.gmail.com]:587 USER...@gmail.com:PASSWORD > /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
chmod 400 /etc/postfix/sasl_passwd

Also validate that the username and password correspond to valid users for the domain smtp.mxthunder.net.

Also try changing the mail "from" account to one of your own from the .mxthunder.net domain.

Naser Aslam

Apr 29, 2022, 1:38:00 PM
to Carlos Ezequiel Bordon, Wazuh mailing list
Hi Carlos, I validated my login credentials using the following online testing tool. I got the test email from this test tool. The screenshot is also attached.
https://www.gmass.co/smtp-test

Then I re-configured my credentials according to the following guideline.

But when I sent the test email from the following command, I did not receive any email in my inbox or spam folder.
echo "Test mail from postfix" | mail -s "Test Postfix" -r "in...@dataperfect.com" hafiznas...@gmail.com


root@d-svr-waz-wm:~# tail -f /var/log/mail.log
Apr 29 08:16:49 d-svr-waz-wm postfix/pickup[63199]: A638A440C98: uid=0 from=<in...@dataperfect.com>
Apr 29 08:16:49 d-svr-waz-wm postfix/cleanup[63219]: A638A440C98: message-id=<20220429151649.A638A440C98@d-svr-waz-wm>
Apr 29 08:16:49 d-svr-waz-wm postfix/qmgr[63198]: A638A440C98: from=<in...@dataperfect.com>, size=364, nrcpt=1 (queue active)
Apr 29 08:16:50 d-svr-waz-wm postfix/smtp[63221]: A638A440C98: to=<hafiznas...@gmail.com>, relay=smtp.mxthunder.net[108.60.195.205]:25, delay=0.59, delays=0.03/0.04/0.47/0.05, dsn=5.7.1, status=bounced (host smtp.mxthunder.net[108.60.195.205] said: 530 5.7.1 Authentication required (in reply to MAIL FROM command))
Apr 29 08:16:50 d-svr-waz-wm postfix/cleanup[63219]: 50263440C99: message-id=<20220429151650.50263440C99@d-svr-waz-wm>
Apr 29 08:16:50 d-svr-waz-wm postfix/bounce[63223]: A638A440C98: sender non-delivery notification: 50263440C99
Apr 29 08:16:50 d-svr-waz-wm postfix/qmgr[63198]: 50263440C99: from=<>, size=2365, nrcpt=1 (queue active)
Apr 29 08:16:50 d-svr-waz-wm postfix/qmgr[63198]: A638A440C98: removed
Apr 29 08:16:50 d-svr-waz-wm postfix/smtp[63221]: 50263440C99: to=<in...@dataperfect.com>, relay=smtp.mxthunder.net[208.53.48.222]:25, delay=0.32, delays=0/0/0.29/0.02, dsn=5.7.1, status=bounced (host smtp.mxthunder.net[208.53.48.222] said: 530 5.7.1 Authentication required (in reply to MAIL FROM command))
Apr 29 08:16:50 d-svr-waz-wm postfix/qmgr[63198]: 50263440C99: removed

root@d-svr-waz-wm:~# tail -f /var/log/mail.info
Apr 29 08:16:49 d-svr-waz-wm postfix/pickup[63199]: A638A440C98: uid=0 from=<in...@dataperfect.com>
Apr 29 08:16:49 d-svr-waz-wm postfix/cleanup[63219]: A638A440C98: message-id=<20220429151649.A638A440C98@d-svr-waz-wm>
Apr 29 08:16:49 d-svr-waz-wm postfix/qmgr[63198]: A638A440C98: from=<in...@dataperfect.com>, size=364, nrcpt=1 (queue active)
Apr 29 08:16:50 d-svr-waz-wm postfix/smtp[63221]: A638A440C98: to=<hafiznas...@gmail.com>, relay=smtp.mxthunder.net[108.60.195.205]:25, delay=0.59, delays=0.03/0.04/0.47/0.05, dsn=5.7.1, status=bounced (host smtp.mxthunder.net[108.60.195.205] said: 530 5.7.1 Authentication required (in reply to MAIL FROM command))
Apr 29 08:16:50 d-svr-waz-wm postfix/cleanup[63219]: 50263440C99: message-id=<20220429151650.50263440C99@d-svr-waz-wm>
Apr 29 08:16:50 d-svr-waz-wm postfix/bounce[63223]: A638A440C98: sender non-delivery notification: 50263440C99
Apr 29 08:16:50 d-svr-waz-wm postfix/qmgr[63198]: 50263440C99: from=<>, size=2365, nrcpt=1 (queue active)
Apr 29 08:16:50 d-svr-waz-wm postfix/qmgr[63198]: A638A440C98: removed
Apr 29 08:16:50 d-svr-waz-wm postfix/smtp[63221]: 50263440C99: to=<in...@dataperfect.com>, relay=smtp.mxthunder.net[208.53.48.222]:25, delay=0.32, delays=0/0/0.29/0.02, dsn=5.7.1, status=bounced (host smtp.mxthunder.net[208.53.48.222] said: 530 5.7.1 Authentication required (in reply to MAIL FROM command))
Apr 29 08:16:50 d-svr-waz-wm postfix/qmgr[63198]: 50263440C99: removed

root@d-svr-waz-wm:~# tail -f /var/log/mail.warn
Apr 28 16:00:43 d-svr-waz-wm postfix/postmap[59290]: fatal: open status: No such file or directory
Apr 28 16:01:43 d-svr-waz-wm postfix/postmap[59293]: fatal: open status: No such file or directory
Apr 28 16:23:45 d-svr-waz-wm postfix/postmap[59358]: fatal: usage: postmap [-bfFhimnNoprsuUvw] [-c config_dir] [-d key] [-q key] [map_type:]file...
Apr 28 16:24:50 d-svr-waz-wm postfix/postmap[59361]: fatal: usage: postmap [-bfFhimnNoprsuUvw] [-c config_dir] [-d key] [-q key] [map_type:]file...
Apr 28 16:24:57 d-svr-waz-wm postfix/postmap[59362]: fatal: open status: No such file or directory
Apr 28 16:25:26 d-svr-waz-wm postfix/postmap[59363]: fatal: usage: postmap [-bfFhimnNoprsuUvw] [-c config_dir] [-d key] [-q key] [map_type:]file...
Apr 28 16:28:48 d-svr-waz-wm postfix/postmap[59378]: fatal: usage: postmap [-bfFhimnNoprsuUvw] [-c config_dir] [-d key] [-q key] [map_type:]file...
Apr 28 23:10:34 d-svr-waz-wm postfix/postfix-script[60927]: warning: symlink leaves directory: /etc/postfix/./makedefs.out

Configuration in /etc/postfix/main.cf

smpt_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls = yes


Configuration in /var/ossec/etc/ossec.conf
<ossec_config>
  <global>
    <jsonout_output>yes</jsonout_output>
    <alerts_log>yes</alerts_log>
    <logall>no</logall>
    <logall_json>no</logall_json>
    <email_notification>yes</email_notification>
    <smtp_server>localhost</smtp_server>
    <email_from>in...@dataperfect.com</email_from>

    <email_to>hafiznas...@gmail.com</email_to>
    <email_maxperhour>12</email_maxperhour>
    <email_log_source>alerts.log</email_log_source>
    <agents_disconnection_time>10m</agents_disconnection_time>
    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
  </global>

I installed this postfix on a wazuh-worker machine.


Regards
Hafiz Naser Aslam
Research Officer in "High Performance Computing & Networking Lab"
Al-Khawarizmi Institute Of Computer Science (KICS)
University Of Engineering and Technology (UET), Lahore
Screenshot_44.png

Carlos Ezequiel Bordon

May 6, 2022, 2:10:10 PM
to Wazuh mailing list
Can you run the following commands and share the output with us?
which postfix
which postmap
whereis postfix
whereis postmap
However, I recommend that you remove the postfix installation from the worker and master with purge.
apt-get purge postfix
apt-get purge postmap
Reinstall postfix on the master node following the steps in the documentation, now setting the username and password you used in your tests.

We are going to leave the postfix installation only on the master

You can also validate connectivity at the network level with the server smtp.mxthunder.net:25 
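
As an added example (not part of the thread, and not Wazuh or Postfix code), the following Python check runs over the main.cf and sasl_passwd lines posted earlier in this thread and reports settings that leave the Postfix SMTP client without credentials for the relay, one way to arrive at the 530 5.7.1 bounce shown in the logs. The function names, the list of required parameters and the conservative exact-match rule for the sasl_passwd key are assumptions of this example.

```python
import difflib

# Constructed from the main.cf and sasl_passwd lines posted in the thread
# (PASSWORD is the thread's own placeholder).
MAIN_CF = """\
relayhost = smtp.mxthunder.net:587
smpt_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls = yes
"""
SASL_PASSWD = "smtp.mxthunder.com:587 dataperfect.com:PASSWORD\n"

# Postfix SMTP-client parameters that an authenticated relay setup depends on
# (assumption of this example: this short list is enough for the check).
REQUIRED = {"relayhost", "smtp_sasl_auth_enable", "smtp_sasl_password_maps"}


def parse_kv(text):
    """Parse 'name = value' lines, skipping blanks and comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params


def lint_relay_auth(main_cf, sasl_passwd):
    """Return findings that would leave the relay session unauthenticated."""
    params, findings = parse_kv(main_cf), []
    for name in sorted(REQUIRED - set(params)):
        # A near-miss spelling is stored by Postfix as an unused parameter.
        near = difflib.get_close_matches(name, list(params), n=1, cutoff=0.85)
        hint = f" (similar name '{near[0]}' is set but unused)" if near else ""
        findings.append(f"missing {name}{hint}")
    if params.get("smtp_sasl_auth_enable", "yes").lower() != "yes":
        findings.append("smtp_sasl_auth_enable is not 'yes'")
    # Conservative rule: the lookup key should equal relayhost as written.
    relay = params.get("relayhost", "")
    keys = [ln.split()[0] for ln in sasl_passwd.splitlines() if ln.split()]
    if relay and relay not in keys:
        findings.append(f"no sasl_passwd entry keyed '{relay}' (keys: {keys})")
    return findings


if __name__ == "__main__":
    for finding in lint_relay_auth(MAIN_CF, SASL_PASSWD):
        print("FINDING:", finding)
```

On a live host, `postconf -n` reports misspelled names as unused parameters, and `postmap -q` with the relayhost value against the password map shows whether a lookup returns credentials.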