On Nov 8, 2016 4:35 AM, "Whit Blauvelt" <wh...@transpect.com> wrote:
>
> Hi,
>
> There have been multiple past discussions of email problems. Yet none seem
> to cover this exactly. Here's what's logging, repeatedly:
>
> 2016/11/04 18:33:53 getaddrinfo: Name or service not known
> 2016/11/04 18:33:53 ossec-maild(1223): ERROR: Error Sending email to localhost (smtp server)
>
> It would be helpful to have better error messaging. What "name or service"
> does it wish to know? What specifically was the "error sending email"?
>
> This system is:
>
> ossec-hids-2.9rc3 (via install.sh)
> Ubuntu 16.04.1 LTS
> Postfix 3.1.0-3 (from Ubuntu apt)
> - which works fine when test email composed in mutt and sent
> - nothing in mail.log at time of ossec's "error sending email" events
>
> ossec.conf's only modification was to put in localhost rather than our MX,
> as we don't want this dependent on an external mail system that way:
>
> <global>
> <email_notification>yes</email_notification>
> <email_to>blah...@obfuscated.com</email_to>
> <smtp_server>localhost</smtp_server>
>
Have you tried 127.0.0.1?
> <email_from>oss...@ossec.obfuscated.com</email_from>
> </global>
>
> Postfix is there listening:
>
> root@rpc-ossec:/var/ossec/etc# telnet localhost 25
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 ossec.obfuscated.com ESMTP Postfix (Ubuntu)
>
> What's the secret sauce to get ossec-maild to be happy with Postfix?
>
> Thanks,
> Whit
>
What kind of documentation do you need? Ossec chroots to the install dir (/var/ossec by default).
Lately being relative, I guess. Maild has been chrooting for as long as I remember.
If OSSEC is chrooting to /var/ossec, copy your /etc/services and /etc/hosts files to the /var/ossec/etc directory. Do not use a symlink or a hardlink -- copy them physically into the directory. It will find them without any issue and your problem should go away.

Best,
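
One way to audit the copies recommended in the last reply, as an added example that is not part of the original thread or of OSSEC itself. The function names and status words are hypothetical; only /var/ossec, /etc/hosts and /etc/services come from the thread.

```shell
#!/bin/sh
# Added example: audit the resolver files that a chrooted daemon needs.
# Function names and status words are hypothetical, chosen for illustration.

# check_chroot_file SYSROOT CHROOT NAME
# Prints one of: ok, missing, symlink, hardlink, stale. Returns 0 only for ok.
check_chroot_file() {
    src="$1/etc/$3"
    dst="$2/etc/$3"
    # After chroot(2) an absolute symlink is resolved against the new root,
    # so a link to /etc/hosts no longer reaches the real file.
    if [ -L "$dst" ]; then echo symlink; return 1; fi
    if [ ! -f "$dst" ]; then echo missing; return 1; fi
    # Same device and inode as the system file: a hard link, not a copy.
    if [ "$src" -ef "$dst" ]; then echo hardlink; return 1; fi
    # A copy does not follow later edits to the system file.
    if ! cmp -s "$src" "$dst"; then echo stale; return 1; fi
    echo ok
}

# install_copy SYSROOT CHROOT NAME: replace whatever is there with a real copy.
install_copy() {
    rm -f "$2/etc/$3"
    cp -p "$1/etc/$3" "$2/etc/$3"
}

# audit_chroot SYSROOT CHROOT: report both files; exit status = problem count.
audit_chroot() {
    problems=0
    for name in hosts services; do
        st=$(check_chroot_file "$1" "$2" "$name") || problems=$((problems + 1))
        printf '%s/etc/%s: %s\n' "$2" "$name" "$st"
    done
    return "$problems"
}

# Stand-alone use: sh audit.sh /var/ossec   (system root is "/")
if [ "$#" -ge 1 ]; then
    audit_chroot "" "$1"
fi
```

The "stale" status matters after the initial fix: a physical copy does not pick up later edits to the system's /etc/hosts, so the check is worth rerunning when that file changes.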