Google SMTP Configuration

[Daniel]

Hello Everyone!

Is there anyone who has successfully configured Google SMTP in order to send reports and email alerts ? I am confused with the configuration required as per the documentation available.

I require to send email alerts with the below configuration:

Sender Email: xx...@gmail.com

SMTP: Google SMTP

Receiver Email: yy...@gmail.com

You are requested to elaborate SMTP configuration as the provided one on the document is insufficient to understand clearly.

[Daniel]

I have tried to integrate Gmail SMTP with Wazuh by following official documentation section " SMTP server with authentication" but the problem is I am  receiving "mail delivery failure" email notification into the email inbox of configured sender.

How-ever my recipient end mail-box is fully functional as I am receiving frequent emails from other senders.

My Email configuration is a below:

Sender: daniyaly...@gmail.com

Receiver: daniyal...@gmail.com

Below are the pasted configuration settings:

The provided App password and sender address mail box:

THe configures settings for SMTP:

Testing Command to check email process:

Your kind  and professional support would be highly appreciated.

Regards,

Daniyal

[Daniel]

Mentioning Emails Again:

Sender: daniyalyaseen0213[@]gmail[.]com

Receiver: daniyalyaseen35[@]gmail[.]com

[Sandra Ocando]

Hi Daniel,

I just followed the SMTP server with authentication instructions without any issue. Let's try to figure out what's happening in your case:

•  What does the "mail delivery failure" email notification says? This mail usually includes what the response was, please share it so we can debug the issue.
  
   For example, "The response was: 550 5.7.1 [1.1.1.1] This message is not RFC 5322 compliant, the issue is: duplicate To headers." 

• Look for errors or warnings in /var/log/maillog and let us know. 

• Share your ossec.conf file. Remember to redact sensitive information.
  

Best regards,
Sandra.

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/d5afa0d7-245e-4c78-bcfe-549318ff24c2n%40googlegroups.com.

[Daniel]

Hello Team Wazuh and Sandra,

Thanks for the response,  please find the required information as per order:

• What does the "mail delivery failure" email notification says? This mail usually includes what the response was, please share it so we can debug the issue.
  

        ANS: 

• Look for errors or warnings in /var/log/maillog and let us know.
  

       ANS:  Please find attached mail.log file.

• Share your ossec.conf file. Remember to redact sensitive information.

      ANS: Find attached.

Note: Please confirm the parameters I have mentioned in the first email are correct ? you are requested to check and share the details or resolution pleaase.

[Daniel]

Hello Team,

Any  progressive update?

[Sandra Ocando]

Hi Daniel,

The SMTP settings in your first email look good, nevertheless, in your maillog you have the following "warning: /etc/postfix/main.cf, line 50: overriding earlier entry: relayhost=" so you may have duplicated settings.
There's also the "Recipient address rejected: User unknown in local recipient table" error, check this post about common causes and how to fix it: https://bobcares.com/blog/user-unknown-in-local-recipient-table
Feel free to share your /etc/postfix/main.cf file for further debugging. Remember to redact sensitive information.
Regarding your question about the testing command, you may use the following one:

echo "Test mail from postfix" | mail -s "Test Postfix" <recipient>@gmail.com
Best regards,
Sandra.

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/c9aed120-16f4-4dd3-ac9e-0adb63bf064fn%40googlegroups.com.

[Daniel]

Hello Sandra and Team,

1) I have provided you with the config of  " /etc/postfix/main.cf" , as per mu observation I didn't see any duplication, you can confirm.

2) Further could you confirm from where we can view the  "User unknown in local recipient table" error?

Regards,

Daniel Yasin

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.

[Daniel]

Hello Sandra,

SMTP-based issues are now resolved, further could you please confirm how can we change the sender name to our own choice, you can refer my attached SC where I want to change "root" to something else.

 

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/c9aed120-16f4-4dd3-ac9e-0adb63bf064fn%40googlegroups.com.

[Sandra Ocando]

Hi Daniel,

I'm glad to hear that the SMTP issues are now resolved. Regarding the sender name, the test in your screenshot appears as sent by root as it's the user that executed the mail test.
Alerts from Wazuh appear as sent from "Wazuh", see attached screenshot.
Best regards,
Sandra.

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/bd8a9a44-a703-46f6-b00e-afd3e88bdb93n%40googlegroups.com.