Problem with configuring Postfix relay with Outlook

148 views
Skip to first unread message

Todor Dimitrov

unread,
Nov 27, 2024, 10:26:26 AM11/27/24
to Wazuh | Mailing List
Good evening professionals,

I'm trying to set up Postfix relay server locally to send me alerts about events with rule.level 9 and over but i can't even make the test e-mail work. Every single time i get this error:

2024-11-27T17:05:27.187116+02:00 wazuh postfix/pickup[131198]: 2D8A5267D02: uid=0 from=<e-mail.address>
2024-11-27T17:05:27.198291+02:00 wazuh postfix/cleanup[131235]: 2D8A5267D02: message-id=<2024112715052...@wazuh.localdomain>
2024-11-27T17:05:27.205482+02:00 wazuh postfix/qmgr[131200]: 2D8A5267D02: from=<e-mail.address>, size=365, nrcpt=1 (queue active)
2024-11-27T17:05:27.277170+02:00 wazuh postfix/smtp[131237]: connect to smtp.office365.com[2603:1026:c01:20::2]:587: Network is unreachable
2024-11-27T17:05:32.634794+02:00 wazuh postfix/smtp[131237]: 2D8A5267D02: to=<e-mail.address>, relay=smtp.office365.com[40.99.150.98]:587, delay=5.5, delays=0.04/0.05/0.34/5, dsn=5.7.57, status=bounced (host smtp.office365.com[40.99.150.98] said: 530 5.7.57 Client not authenticated to send mail. [FR0P281CA0109.DEUP281.PROD.OUTLOOK.COM 2024-11-27T15:05:32.604Z 08DD0E7FDC152C81] (in reply to MAIL FROM command))
2024-11-27T17:05:32.635046+02:00 wazuh postfix/smtp[131237]: 2D8A5267D02: lost connection with smtp.office365.com[40.99.150.98] while sending RCPT TO
2024-11-27T17:05:32.637201+02:00 wazuh postfix/cleanup[131235]: 9B2F72670AF: message-id=<2024112715053...@wazuh.localdomain>
2024-11-27T17:05:32.644711+02:00 wazuh postfix/bounce[131241]: 2D8A5267D02: sender non-delivery notification: 9B2F72670AF
2024-11-27T17:05:32.645031+02:00 wazuh postfix/qmgr[131200]: 9B2F72670AF: from=<>, size=2521, nrcpt=1 (queue active)
2024-11-27T17:05:32.645098+02:00 wazuh postfix/qmgr[131200]: 2D8A5267D02: removed
2024-11-27T17:05:32.646134+02:00 wazuh postfix/smtp[131237]: connect to smtp.office365.com[2603:1026:301:54::2]:587: Network is unreachable
2024-11-27T17:05:37.986005+02:00 wazuh postfix/smtp[131237]: 9B2F72670AF: to=<e-mail.address>, relay=smtp.office365.com[52.98.179.34]:587, delay=5.3, delays=0.01/0/0.3/5, dsn=5.7.57, status=bounced (host smtp.office365.com[52.98.179.34] said: 530 5.7.57 Client not authenticated to send mail. [FR5P281CA0052.DEUP281.PROD.OUTLOOK.COM 2024-11-27T15:05:37.955Z 08DD0E659F4DA349] (in reply to MAIL FROM command))
2024-11-27T17:05:37.986399+02:00 wazuh postfix/smtp[131237]: 9B2F72670AF: lost connection with smtp.office365.com[52.98.179.34] while sending RCPT TO
2024-11-27T17:05:37.989345+02:00 wazuh postfix/qmgr[131200]: 9B2F72670AF: removed
2024-11-27T17:05:42.554937+02:00 wazuh postfix/smtpd[131243]: error: open database /etc/aliases.db: No such file or directory
2024-11-27T17:05:42.555084+02:00 wazuh postfix/smtpd[131243]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
2024-11-27T17:05:42.556597+02:00 wazuh postfix/smtpd[131243]: connect from localhost[127.0.0.1]
2024-11-27T17:05:42.558188+02:00 wazuh postfix/smtpd[131243]: 8834E267CFB: client=localhost[127.0.0.1]
2024-11-27T17:05:42.599748+02:00 wazuh postfix/cleanup[131235]: 8834E267CFB: message-id=<2024112715054...@wazuh.localdomain>
2024-11-27T17:05:42.608176+02:00 wazuh postfix/qmgr[131200]: 8834E267CFB: from=<e-mail.address>, size=1660, nrcpt=1 (queue active)
2024-11-27T17:05:42.608303+02:00 wazuh postfix/smtpd[131243]: disconnect from localhost[127.0.0.1] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

I have set up the From: and To: email addresses the same in ossec.conf file, i had to create the sasl_passwd file because it wasn't there but apparently this is normal. In the beginning of the installation i chose the No configuration option when it asked me and finished the installation. When i had to edit the main.cf file it wasn't in the postfix directory so i had to create it and put the configuration there. There was a file called main.cf.proto but i wasn't sure if i should put the configuration there or create the new file. Can anyone please help me with this problem?

Regards, 

Todor

Nicolas Zapata

unread,
Nov 27, 2024, 3:13:42 PM11/27/24
to Wazuh | Mailing List

Hi Todor,

Based on the logs you provided, this issue is not related to Wazuh itself but rather to the configuration of your Postfix relay. The errors indicate authentication problems with the Office 365 SMTP server and potential misconfigurations in Postfix.

A few points to check:

  1. Authentication Issue:
    The error 530 5.7.57 Client not authenticated to send mail suggests that the credentials for Office 365 are not being correctly used by Postfix. Verify your sasl_passwd file, ensuring it is in the proper format:

    [smtp.office365.com]:587 your_...@domain.com:your_password

    After configuring it, run:

    postmap /etc/postfix/sasl_passwd

    and restart Postfix.

  2. Configuration Files:
    Since main.cf was not originally present and you created it, ensure that the configuration matches what is needed for an SMTP relay. Review key settings such as:

    relayhost = [smtp.office365.com]:587 smtp_use_tls = yes smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_sasl_tls_security_options = noanonymous

  3. Network Errors:
    The log mentions Network is unreachable when attempting to connect to IPv6 addresses. If your environment does not support IPv6, you might need to disable it in Postfix by adding this to main.cf:

    inet_protocols = ipv4

These configurations are entirely within the scope of Postfix and not Wazuh. I recommend reviewing your Postfix setup thoroughly and consulting the Postfix documentation or forums if the issue persists.

Best regards,

Todor Dimitrov

unread,
Nov 29, 2024, 1:54:23 AM11/29/24
to Wazuh | Mailing List
Hi Nicolas, 

Thank you for the information. I tried everything but my sasl authentication fails or is unsuccessful all the time and i can't understand why. Apologies, i was reading the instructions in the wazuh documentation and i just posted my question here. I will look for a postfix forum or something like that and ask there. Thank you for your time. 

Regards, 

Todor

Nicolas Zapata

unread,
Dec 2, 2024, 10:06:29 AM12/2/24
to Wazuh | Mailing List

Hi Todor,

No problem at all, and thank you for the clarification. It's understandable that setting up Postfix for relay can be challenging, especially when integrating it with external SMTP services like Office 365. Focusing on forums or resources dedicated to Postfix will likely provide more targeted assistance for resolving this issue.

If you encounter any further issues directly related to Wazuh while setting up alerts, feel free to reach out again.

Best regards,

Reply all
Reply to author
Forward
0 new messages