Tripwire can't send report by email
Cedric DC
I repost my question because I don't have posted it in the right way. I'm sorry, it's my first post in the Debian mailing list.
I have setup tripwire on a Debian 6. I have tripwire integrity reports (pwr files) in the directory /var/lib/tripwire/report/
With the following command I can read the report.
twprint --print-report --twrfile proxytest-20110421-135326.twr > test-log
I would like send the report by email.
In the file /etc/cron.daily/tripwire
there is the command tripwire --check --quiet --email-report
If I try to launch this in command line I have this message :
root@proxytest:/etc/cron.daily# /usr/sbin/tripwire --test --email to...@mydomain.com
Sending a test message to: to...@mydomain.com
### Error: The SMTP server returned an error.
### Error Number:504 5.5.2 <tripwire@proxytest>: Sender address rejected: need
### fully-qualified address
### Exiting...
Email test failed.
proxytest is the hostname of my server
Do you have an idea to solve this issue ?
I tried to change in the twcfg the variable SMTPHOST by smtp.altitudetelecom.fr (my ISP SMTP relay) instead of localhost. But it doesn't work...
Thank you in advance for your help.
Cedric
Cedric DC
If I try to launch hostname -v, I have the FQDN of my server.
root@proxytest:/etc/tripwire# hostname -f
proxytest.subdomain.mydomain.com
Can I specify the "From address" in twcfg.txt ?
root@proxytest:/etc/tripwire# hostname -f
proxytest.intra.ville-issy.fr
Here my twcfg.txt file
root@proxytest:/etc/tripwire# more twcfg.txt
ROOT =/usr/sbin
POLFILE =/etc/tripwire/tw.pol
DBFILE =/var/lib/tripwire/$(HOSTNAME).twd
REPORTFILE =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
SITEKEYFILE =/etc/tripwire/site.key
LOCALKEYFILE =/etc/tripwire/$(HOSTNAME)-local.key
EDITOR =/usr/bin/editor
LATEPROMPTING =false
LOOSEDI RECTORYCHECKING =false
MAILNOVIOLATIONS =true
EMAILREPORTLEVEL =3
REPORTLEVEL =3
SYSLOGREPORTING =true
MAILMETHOD =SMTP
SMTPHOST =localhost
#SMTPHOST =smtp.altitudetelecom.fr
SMTPPORT =25
Thank you
From: one...@hotmail.com
To: debia...@lists.debian.org
Subject: Tripwire can't send report by email
Date: Sun, 24 Apr 2011 07:28:42 +0000
Camaleón
> I repost my question because I don't have posted it in the right way.
> I'm sorry, it's my first post in the Debian mailing list.
Good, but next time avoid using html in messages ;-)
(...)
> ### Error Number:504 5.5.2 <tripwire@proxytest>: Sender address rejected: need
> ### fully-qualified address
> ### Exiting...
> Email test failed.
That usually means that remote server (located at "mydomain.com") it has
rejected the "From:" address from your host, which is normal provided
that you have not "masqueraded" (and you need to) your fancy e-mail
address when you are going throught Internet.
So basically you have to go with one of these options:
1/ Instruct tripwire to use a real e-mail sender (whether possible)
2/ Configure your MTA/MDA to go out with a real/routeable e-mail address
Greetings,
--
Camaleón
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/pan.2011.04...@gmail.com
Freeman
>
> I don't find how to change this "<tripwire@proxytest>" by a FQDN the <trip...@mydomain.com>
> If I try to launch hostname -v, I have the FQDN of my server.
> root@proxytest:/etc/tripwire# hostname -f
> proxytest.subdomain.mydomain.com
>
> Can I specify the "From address" in twcfg.txt ?
> root@proxytest:/etc/tripwire# hostname -f
> proxytest.intra.ville-issy.fr
>
> Here my twcfg.txt file
>
> root@proxytest:/etc/tripwire# more twcfg.txt
> ROOT =/usr/sbin
> POLFILE =/etc/tripwire/tw.pol
> DBFILE =/var/lib/tripwire/$(HOSTNAME).twd
> REPORTFILE =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
> SITEKEYFILE =/etc/tripwire/site.key
> LOCALKEYFILE =/etc/tripwire/$(HOSTNAME)-local.key
> EDITOR =/usr/bin/editor
> LATEPROMPTING =false
> MAILNOVIOLATIONS =true
> EMAILREPORTLEVEL =3
> REPORTLEVEL =3
> SYSLOGREPORTING =true
> MAILMETHOD =SMTP
> SMTPHOST =localhost
> #SMTPHOST =smtp.altitudetelecom.fr
> SMTPPORT =25
>
Can you send other mail successfully from this machine through
smtp.altitudetelecom.fr using your MTA (maybe exim4?)?
--
Regards,
Freeman
"Microsoft is not the answer. Microsoft is the question. NO (or Linux) is the
answer." --Somebody
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/20110424193...@Deneb.office
Paul E Condon
I don't have much to offer on your problem with tripwire, but your emails
to debian-user are being caught by a spam filter that I have recently
installed that is claimed by its author to filter out 'unreadable' spam.
This may be happening to other subscribers ot debian-user. If one of
them, more knowledgeable than me, could look at my request for help with
a procmail recipe, we might both benefit. The reason for my request was/is
that a noticed these apparently well-form emails from you being caught
by this complicated, and to me, unintelligible recipe.
Paul
--
Paul E Condon
peco...@mesanetworks.net
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Cedric DC
> 1/ Instruct tripwire to use a real e-mail sender (whether possible)
> 2/ Configure your MTA/MDA to go out with a real/routeable e-mail address.
I try to translate the email address @proxy by @mydomain.com
> I had in the file /etc/exim4.conf.template this one and restart exim4
# TEST
*@*proxytest* $1...@mydomain.com
And it's doesn't work
Regards
Cédric
----------------------------------------
> To: debia...@lists.debian.org
> From: noel...@gmail.com
> Subject: Re: Tripwire can't send report by email
> Date: Sun, 24 Apr 2011 11:19:32 +0000
> On Sun, 24 Apr 2011 07:28:42 +0000, Cedric DC wrote:
>
> > I repost my question because I don't have posted it in the right way.
> > I'm sorry, it's my first post in the Debian mailing list.
>
> Good, but next time avoid using html in messages ;-)
>
> (...)
>
Camaleón
>> 1/ Instruct tripwire to use a real e-mail sender (whether possible)
> I have read the "man tripwire". It's not possible to specify the
> sender email address.
Recheck "man 8 tripwire" (test mode), it seems you can configure some e-
mailing options...
> > 2/ Configure your MTA/MDA to go out with a real/routeable e-mail
> > address.
> I try to translate the email address @proxy by @mydomain.com
>
>> I had in the file /etc/exim4.conf.template this one and restart exim4
> # TEST
> *@*proxytest* $1...@mydomain.com
>
> And it's doesn't work
Exim (which I hardly know) is a bit "sui-generis", there are some pre-
configuration options that setup the daemon to act differently (as
smarthost, localhost...), maybe someone in the know can give you more
accurate steps to properly set it up.
Cedric DC
I have change a settings in my hotmail email.
I hope that's OK now.
----------------------------------------
> Date: Mon, 25 Apr 2011 08:40:39 -0600
> From: peco...@mesanetworks.net
> To: debia...@lists.debian.org
> Subject: Re: Tripwire can't send report by email [OT but not really]
>
> Cedric,
>
> I don't have much to offer on your problem with tripwire, but your emails
> to debian-user are being caught by a spam filter that I have recently
> installed that is claimed by its author to filter out 'unreadable' spam.
> This may be happening to other subscribers ot debian-user. If one of
> them, more knowledgeable than me, could look at my request for help with
> a procmail recipe, we might both benefit. The reason for my request was/is
> that a noticed these apparently well-form emails from you being caught
> by this complicated, and to me, unintelligible recipe.
>
> Paul
>
>
> On 20110424_072842, Cedric DC wrote:
> >
> > Hello,
> >
> > I repost my question because I don't have posted it in the right way. I'm sorry, it's my first post in the Debian mailing list.
> >
> > I have setup tripwire on a Debian 6. I have tripwire integrity reports (pwr files) in the directory /var/lib/tripwire/report/
> > With the following command I can read the report.
> > twprint --print-report --twrfile proxytest-20110421-135326.twr > test-log
> >
> > I would like send the report by email.
> >
> > In the file /etc/cron.daily/tripwire
> > there is the command tripwire --check --quiet --email-report
> >
> > If I try to launch this in command line I have this message :
> > root@proxytest:/etc/cron.daily# /usr/sbin/tripwire --test --email to...@mydomain.com
> > Sending a test message to: to...@mydomain.com
> > ### Error: The SMTP server returned an error.
> > ### Error Number:504 5.5.2 : Sender address rejected: need
> > ### fully-qualified address
> > ### Exiting...
> > Email test failed.
> >
> > proxytest is the hostname of my server
> >
> > Do you have an idea to solve this issue ?
> > I
> > tried to change in the twcfg the variable SMTPHOST by
> > smtp.altitudetelecom.fr (my ISP SMTP relay) instead of localhost. But it
> > doesn't work...
> >
> > Thank you in advance for your help.
> >
> > Cedric
> >
> >
>
> --
> Paul E Condon
> peco...@mesanetworks.net
>
>
> --
> To UNSUBSCRIBE, email to debian-us...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
> Archive: http://lists.debian.org/2011042514...@big.lan.gnu
>
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/COL116-W320C5A019...@phx.gbl
Freeman
>
> Hello,
>
> I repost my question because I don't have posted it in the right way. I'm sorry, it's my first post in the Debian mailing list.
>
> I have setup tripwire on a Debian 6. I have tripwire integrity reports (pwr files) in the directory /var/lib/tripwire/report/
> With the following command I can read the report.
> twprint --print-report --twrfile proxytest-20110421-135326.twr > test-log
>
> I would like send the report by email.
>
. . .
To Cedric regarding email that may have been intended as a list reply:
I think the safest way to edit Exim4 configs to mask the local domain would
be to run
# dpkg-reconfigure exim4-config
Since Exim4 is behaving as you would like otherwise, "OK" through all the
options until you hit
"Hide local mail name in outgoing mail?"
Then hit yes and enter the domain.xxx you want mail to be ostensibly sent
from. Then continue as before. You can cancel out if anything goes amiss.
Probably a good idea to think through the ramifications this might have on
any existing email configurations.
--
Regards,
Freeman
"Microsoft is not the answer. Microsoft is the question. NO (or Linux) is the
answer." --Somebody
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/20110425185...@Europa.office
Freeman
> On Mon, 25 Apr 2011 16:28:09 +0000, Cedric DC wrote:
>
> >> 1/ Instruct tripwire to use a real e-mail sender (whether possible)
> > I have read the "man tripwire". It's not possible to specify the
> > sender email address.
>
> Recheck "man 8 tripwire" (test mode), it seems you can configure some e-
> mailing options...
>
> > > 2/ Configure your MTA/MDA to go out with a real/routeable e-mail
> > > address.
> > I try to translate the email address @proxy by @mydomain.com
> >
> >> I had in the file /etc/exim4.conf.template this one and restart exim4
> > # TEST
> > *@*proxytest* $1...@mydomain.com
> >
> > And it's doesn't work
>
> Exim (which I hardly know) is a bit "sui-generis", there are some pre-
> configuration options that setup the daemon to act differently (as
> smarthost, localhost...), maybe someone in the know can give you more
> accurate steps to properly set it up.
>
I wouldn't call myself "in the know," but I run Exim4.
An ISP's SMTP server would be a smarthost. Smarthost is the SMTP server
that mail is sent to by localhost for delivery elsewhere. This is to
prevent mail sent directly by the localhost SMTP from being rejected for a
dynamic IP address.
--
Regards,
Freeman
"Microsoft is not the answer. Microsoft is the question. NO (or Linux) is the
answer." --Somebody
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/20110426182...@Europa.office
Cedric DC
Hello,
I have written a script which send the report to a email address.
Finally it was the solution the most simplest.
Thank you for your help
Regards
Cédric
________________________________
> From: one...@hotmail.com
> To: debia...@lists.debian.org
> Subject: Tripwire can't send report by email
> Date: Sun, 24 Apr 2011 07:28:42 +0000
>
> Hello,
>
> I repost my question because I don't have posted it in the right way.
> I'm sorry, it's my first post in the Debian mailing list.
>
> I have setup tripwire on a Debian 6. I have tripwire integrity reports
> (pwr files) in the directory /var/lib/tripwire/report/
> With the following command I can read the report.
> twprint --print-report --twrfile proxytest-20110421-135326.twr > test-log
>
> I would like send the report by email.
>
> In the file /etc/cron.daily/tripwire
> there is the command tripwire --check --quiet --email-report
>
> If I try to launch this in command line I have this message :
> root@proxytest:/etc/cron.daily# /usr/sbin/tripwire --test --email
> to...@mydomain.com
> Sending a test message to: to...@mydomain.com
> ### Error: The SMTP server returned an error.
> ### Error Number:504 5.5.2 : Sender address
> rejected: need
> ### fully-qualified address
> ### Exiting...
> Email test failed.
>
> proxytest is the hostname of my server
>
> Do you have an idea to solve this issue ?
> I tried to change in the twcfg the variable SMTPHOST by
> smtp.altitudetelecom.fr (my ISP SMTP relay) instead of localhost. But
> it doesn't work...
>
> Thank you in advance for your help.
>
> Cedric
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/COL116-W11061AC32...@phx.gbl