Hi Juan:
It seems quite clear that the Wazuh server cannot connect to the mail server. First, ensure that a simple mail can be received from the Wazuh server executing the Postfix command:
Previously, I would also tail the Postfix log to see what happened when postfix try to send the mail:
# tail -f /var/log/mailog
If the test mail is not received, we can confirm that there is a connectivity issue between your Wazuh server and the mail server. Ensure that port 587 is not being used or blocked in the Wazuh server firewall or in any other device between.
Regarding the configuration of Postfix itself, please check the validity of the CA cert. It might be expired:
# openssl x509 -enddate -noout -in /etc/ssl/certs/ca-certificates.crt
Finally, checking your Wazuh configuration, I can see that <email_alert_level> is not configured in the <alerts>. This means that default value of level=12 will be used:
The granular "email_alerts" options you have configured will not triggered any mail because the previous configuration has higher priority. Only alerts with level 12 or higher will trigger mails in this case. To overcome this, you have to add this in your config:
# vi /var/ossec/etc/ossec.conf
...
<alerts>
<log_alert_level>3</log_alert_level>
<email_alert_level>4</email_alert_level>
</alerts>
...
And then restart your wazuh-manager:
# systemctl restart wazuh-manager
With this config, your configured recipients will receive up to 12 mails per hours from alerts with level=4 or higher.