Configuration email alert failed
72 views
Skip to first unread message
Le Sok
Oct 7, 2023, 11:27:50 PM10/7/23
to Wazuh | Mailing List
When I try to configuration wazuh alert to my email but it's not working here is logs when I try tov send mail test. https://documentation.wazuh.com/current/user-manual/manager/manual-email-report/smtp-authentication.html link I follow configuration.
here is the logs:
Oct 8 10:19:37 admin postfix/pickup[61118]: 021D4344FBC: uid=0 from=<mye...@gmail.com>
Oct 8 10:19:37 admin postfix/trivial-rewrite[61959]: warning: /etc/postfix/main.cf, line 53: overriding earlier entry: smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated defer_unauth_destination
Oct 8 10:19:37 admin postfix/cleanup[61958]: 021D4344FBC: message-id=<2023100803193...@admin.localdomain>
Oct 8 10:19:37 admin postfix/qmgr[61119]: 021D4344FBC: from=<mye...@gmail.com>, size=359, nrcpt=1 (queue active)
Oct 8 10:19:37 admin postfix/smtp[61960]: warning: /etc/postfix/main.cf, line 53: overriding earlier entry: smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated defer_unauth_destination
Oct 8 10:19:37 admin postfix/tlsmgr[61961]: warning: /etc/postfix/main.cf, line 53: overriding earlier entry: smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated defer_unauth_destination
Oct 8 10:19:37 admin postfix/smtp[61960]: connect to smtp.gmail.com[2404:6800:4003:c00::6d]:587: Network is unreachable
Oct 8 10:19:38 admin postfix/bounce[62029]: warning: /etc/postfix/main.cf, line 53: overriding earlier entry: smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated defer_unauth_destination
Oct 8 10:19:38 admin postfix/smtp[61960]: 021D4344FBC: to=<mye...@gmail.com>, relay=smtp.gmail.com[74.125.200.109]:587, delay=1.4, delays=0.02/0.1/1.3/0, dsn=4.7.9, status=deferred (SASL authentication failed; server smtp.gmail.com[74.125.200.109] said: 534-5.7.9 Application-specific password required. Learn more at?534 5.7.9 https://support.google.com/mail/?p=InvalidSecondFactor u4-20020a170902e5c400b001a9b29b6759sm6632999plf.183 - gsmtp
here is the logs:
Oct 8 10:19:37 admin postfix/pickup[61118]: 021D4344FBC: uid=0 from=<mye...@gmail.com>
Oct 8 10:19:37 admin postfix/trivial-rewrite[61959]: warning: /etc/postfix/main.cf, line 53: overriding earlier entry: smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated defer_unauth_destination
Oct 8 10:19:37 admin postfix/cleanup[61958]: 021D4344FBC: message-id=<2023100803193...@admin.localdomain>
Oct 8 10:19:37 admin postfix/qmgr[61119]: 021D4344FBC: from=<mye...@gmail.com>, size=359, nrcpt=1 (queue active)
Oct 8 10:19:37 admin postfix/smtp[61960]: warning: /etc/postfix/main.cf, line 53: overriding earlier entry: smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated defer_unauth_destination
Oct 8 10:19:37 admin postfix/tlsmgr[61961]: warning: /etc/postfix/main.cf, line 53: overriding earlier entry: smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated defer_unauth_destination
Oct 8 10:19:37 admin postfix/smtp[61960]: connect to smtp.gmail.com[2404:6800:4003:c00::6d]:587: Network is unreachable
Oct 8 10:19:38 admin postfix/bounce[62029]: warning: /etc/postfix/main.cf, line 53: overriding earlier entry: smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated defer_unauth_destination
Oct 8 10:19:38 admin postfix/smtp[61960]: 021D4344FBC: to=<mye...@gmail.com>, relay=smtp.gmail.com[74.125.200.109]:587, delay=1.4, delays=0.02/0.1/1.3/0, dsn=4.7.9, status=deferred (SASL authentication failed; server smtp.gmail.com[74.125.200.109] said: 534-5.7.9 Application-specific password required. Learn more at?534 5.7.9 https://support.google.com/mail/?p=InvalidSecondFactor u4-20020a170902e5c400b001a9b29b6759sm6632999plf.183 - gsmtp
Stuti Gupta
Oct 8, 2023, 11:29:39 PM10/8/23
to Wazuh | Mailing List
Hi Leo Sok,
Hope you are doing well and thank you for using wazuh.
the issue you're facing is related to SMTP authentication with Gmail. The error message 534-5.7.9 Application-specific password required indicates that Gmail requires an application-specific password for authentication. Can you please verify that password is an App Password as app passwords can only be used with accounts that have 2-Steps verification turned on? Please follow the streps mentioned below.
Hope you are doing well and thank you for using wazuh.
the issue you're facing is related to SMTP authentication with Gmail. The error message 534-5.7.9 Application-specific password required indicates that Gmail requires an application-specific password for authentication. Can you please verify that password is an App Password as app passwords can only be used with accounts that have 2-Steps verification turned on? Please follow the streps mentioned below.
- Go to the App Password link and create the company name. Once done that will generate password save it because it wont apper again.
- Then create a file sasl_passwd and save the email and password that was generated at 1st step. (Please remember to delete old once that you have creted previously.) Using the commands mentioned below:
echo [smtp.gmail.com]:587 USER...@gmail.com:PASSWORD > /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
chmod 400 /etc/postfix/sasl_passwd - Secure your password DB file.
chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db - After making the changes please Restart Postfix and wazuh manager:
systemctl restart postfix
systemctl restart wazuh-manager.
After following these steps, try sending a test email again. This should resolve the authentication issue. If you still face issues, please share the ossec.conf.
Hope this will help.
Regards,
Hope this will help.
Regards,
Reply all
Reply to author
Forward
0 new messages