Email notification configuration
80 views
Skip to first unread message
Dhiren Chavda
Sep 23, 2024, 3:15:00 AM9/23/24
to Wazuh | Mailing List
Hello team,
i am configuring email notification alerts in wazuh with our own smtp server
after configuring the ossec file it is not sending mail and we cannot use the postfix method
so how can i configure our smtp server to send email notification
Lamya Imam
Sep 23, 2024, 6:29:24 AM9/23/24
to Wazuh | Mailing List
Hello
Dhiren Chavda,
At first, I would need you to ensure if the smtp_server is reachable from the Wazuh manager.
Can you send test mail from the Wazuh server to the recipient's mail with the existing SMTP server?
Also, it would be helpful if you could kindly share more details about the SMTP Servers.
To send email alerts with SMTP authentication you have to configure a server relay. SMTP relays forward emails to other mail servers, often for internal-to-external communication. If both are on the same network or connected through a relay host, it works without an SMTP relay. However, if the recipient's mail server is external or not directly reachable, configuring an SMTP relay becomes essential. If the recipient's mail server is not on the same network as the Wazuh manager, or if the Wazuh manager cannot connect to the recipient's mail server using a relay host, then Wazuh will be unable to send emails.
Remember, SMTP relays act as intermediaries, forwarding emails. We recommend using postfix but as you have already mentioned that you cannot use that, instead you can use Sendmail or something similar if needed.
For further reference, please check out our official documentation:
https://wazuh.com/blog/how-to-send-email-notifications-with-wazuh/
https://documentation.wazuh.com/current/user-manual/manager/alert-management.html#smtp-server-with-authentication
Let me know!
At first, I would need you to ensure if the smtp_server is reachable from the Wazuh manager.
Can you send test mail from the Wazuh server to the recipient's mail with the existing SMTP server?
Also, it would be helpful if you could kindly share more details about the SMTP Servers.
To send email alerts with SMTP authentication you have to configure a server relay. SMTP relays forward emails to other mail servers, often for internal-to-external communication. If both are on the same network or connected through a relay host, it works without an SMTP relay. However, if the recipient's mail server is external or not directly reachable, configuring an SMTP relay becomes essential. If the recipient's mail server is not on the same network as the Wazuh manager, or if the Wazuh manager cannot connect to the recipient's mail server using a relay host, then Wazuh will be unable to send emails.
Remember, SMTP relays act as intermediaries, forwarding emails. We recommend using postfix but as you have already mentioned that you cannot use that, instead you can use Sendmail or something similar if needed.
For further reference, please check out our official documentation:
https://wazuh.com/blog/how-to-send-email-notifications-with-wazuh/
https://documentation.wazuh.com/current/user-manual/manager/alert-management.html#smtp-server-with-authentication
Let me know!
Reply all
Reply to author
Forward
0 new messages