SMTP server with authentication
404 views
Skip to first unread message
siddha...@gmail.com
Nov 26, 2021, 8:29:59 AM11/26/21
to Wazuh mailing list
Hi Team,
i am using wazuh4.1 all in one with ubuntu 20.04.
i'm trying to configure alerts on mail, so that i followed below mentioned article.
and i check /var/ossec/logs/ossec.log and found some error
2021/11/26 18:51:43 ossec-maild: ERROR: (1762): Banner not received from server
2021/11/26 18:51:43 ossec-maild: ERROR: (1223): Error Sending email to 127.0.0.1 (smtp server)
2021/11/26 18:52:16 ossec-maild: ERROR: (1762): Banner not received from server
2021/11/26 18:52:16 ossec-maild: ERROR: (1223): Error Sending email to 127.0.0.1 (smtp server)
2021/11/26 18:52:32 ossec-maild: ERROR: (1762): Banner not received from server
2021/11/26 18:52:32 ossec-maild: ERROR: (1223): Error Sending email to 127.0.0.1 (smtp server)
2021/11/26 18:52:49 ossec-maild: ERROR: (1762): Banner not received from server
2021/11/26 18:52:49 ossec-maild: ERROR: (1223): Error Sending email to 127.0.0.1 (smtp server)
2021/11/26 18:51:43 ossec-maild: ERROR: (1223): Error Sending email to 127.0.0.1 (smtp server)
2021/11/26 18:52:16 ossec-maild: ERROR: (1762): Banner not received from server
2021/11/26 18:52:16 ossec-maild: ERROR: (1223): Error Sending email to 127.0.0.1 (smtp server)
2021/11/26 18:52:32 ossec-maild: ERROR: (1762): Banner not received from server
2021/11/26 18:52:32 ossec-maild: ERROR: (1223): Error Sending email to 127.0.0.1 (smtp server)
2021/11/26 18:52:49 ossec-maild: ERROR: (1762): Banner not received from server
2021/11/26 18:52:49 ossec-maild: ERROR: (1223): Error Sending email to 127.0.0.1 (smtp server)
but i can test configurations with echo "Test mail from postfix" | mail -s "Test Postfix" -r "y...@example.com" y...@example.com
please suggest.
Damian Nicastro
Nov 26, 2021, 9:18:56 AM11/26/21
to Wazuh mailing list
Hi @
siddharth.igt
I hope you are fine.
There is no much information about the error in these log lines. Could you please, send me the the postfix configuration in /etc/postfix/main.cf?
Lease, try using 127.0.0.1 instead of "localhost" in your configuration:
<global>
<email_notification>yes</email_notification>
<smtp_server>127.0.0.1</smtp_server>
<email_from>USER...@gmail.com</email_from>
<email_to>y...@example.com</email_to>
</global>
I hope this helps.
Thanks
Thanks
siddharth jha
Nov 26, 2021, 10:26:55 AM11/26/21
to Damian Nicastro, Wazuh mailing list
Hello Damian,
Thank you for your response .
please find
postfix configuration in /etc/postfix/main.cf? below.
relayhost = [smtpout.secureserver.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/thawte_Primary_Root_CA.pem
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/thawte_Primary_Root_CA.pem
smtp_use_tls = yes
and i have also changed localhost to 127.0.0.1 but still its not working.
Please suggest.
Thank You
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/32gx2w5sXBw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/6910a033-9251-4a73-9ea4-c8e47a91e200n%40googlegroups.com.
Damian Nicastro
Nov 26, 2021, 2:52:00 PM11/26/21
to Wazuh mailing list
Hi @
siddharth.igt
Please, also check that the banner part of the postfix config. It must be commented to use default settings:
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
Don't forget to restart the postfix service when you make a change in /etc/postfix/main.cf
After this, verify that you are receiving the banner message of your Wazuh manager in Postfix:
[root@wazuh-man-4 ~]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 wazuh-man-4.2.1 ESMTP Postfix
I hope this helps.
Thanks
siddharth jha
Nov 27, 2021, 3:29:57 AM11/27/21
to Damian Nicastro, Wazuh mailing list
Hi Damian,
I have added please have a look.
relayhost = [smtpout.secureserver.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/thawte_Primary_Root_CA.pem
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/thawte_Primary_Root_CA.pem
smtp_use_tls = yes
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
then i restart postfix service and check
root@WAZUHAIO:~# telnet localhost 25
Trying 127.0.0.1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'
please suggest.
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/eb05270e-a7fe-4c33-b1d4-61f88169eb80n%40googlegroups.com.
Damian Nicastro
Nov 29, 2021, 3:47:21 PM11/29/21
to Wazuh mailing list
Hi
siddharth.igt:
It is clear that banner is not showing up and it is not connected to the Postfix console. Check the status of Postfix:
# systemctl status postfix
Check that effectively no banner is configured in /etc/postfix/main.cf. Don't add any extra lines for this. Just comment if there is some smtpd_banner line.
Check the 'ehlo localhost' once connected to see if there is any response from Postfix. For more information you can see:
I hope this helps.
Thanks
Reply all
Reply to author
Forward
0 new messages