Wazuh Email Alert not working

[Erbil Suli]

Hello Dears

I have configured Wazuh Email alert configuration as mentioned in documentation (SMTP server with authentication - Configuring email alerts (wazuh.com)

1. Update and install Packages

yum update && yum install postfix mailx cyrus-sasl cyrus-sasl-plain

2.In /etc/postfix/main.cf  I put below config at end of file

relayhost = smtp.gmail.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_use_tls = yes

3.Run command as below

echo smtp.gmail.com:587 "MyGmailAccount"@gmail.com:"MyPassword" > /etc/postfix/sasl_passwd

postmap /etc/postfix/sasl_passwd

chmod 400 /etc/postfix/sasl_passwd

4.

chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

5.systemctl restart postfix

When I try to send test email by below command

echo "Test mail from postfix" | mail -s "Test Postfix" -r "MyGmailAccount"@gmail.com" MyGmailAccount"@gmail.com

it will not be send after checking the /var/log/maillog it contains below errors, any Ideas Please

Jan 14 09:56:20 wazuh-server postfix/postfix-script[5701]: starting the Postfix mail system

Jan 14 09:56:20 wazuh-server postfix/master[5751]: daemon started -- version 2.10.1, configuration /etc/postfix

Jan 14 10:21:49 wazuh-server postfix/postfix-script[5733]: starting the Postfix mail system

Jan 14 10:21:49 wazuh-server postfix/master[5790]: daemon started -- version 2.10.1, configuration /etc/postfix

Jan 14 10:43:12 wazuh-server postfix/postfix-script[20742]: stopping the Postfix mail system

Jan 14 10:43:12 wazuh-server postfix/master[5790]: terminating on signal 15

Jan 14 10:43:14 wazuh-server postfix/postfix-script[20824]: starting the Postfix mail system

Jan 14 10:43:14 wazuh-server postfix/master[20826]: daemon started -- version 2.10.1, configuration /etc/postfix

Jan 14 10:43:53 wazuh-server postfix/pickup[20827]: D47708507E: uid=0 from=<MyGmail...@gmail.com>

Jan 14 10:43:53 wazuh-server postfix/cleanup[20834]: D47708507E: message-id=<65a3bae9.uyawJZDYpLPGYIb9%MyGmail...@gmail.com>

Jan 14 10:43:53 wazuh-server postfix/qmgr[20828]: D47708507E: from=<MyGmail...@gmail.com>, size=465, nrcpt=1 (queue active)

Jan 14 10:43:54 wazuh-server postfix/smtp[20836]: connect to smtp.gmail.com[2a00:1450:400c:c0c::6d]:587: Network is unreachable

Jan 14 10:43:54 wazuh-server postfix/smtp[20836]: fatal: tls_fprint: error computing md5 message digest

Jan 14 10:43:55 wazuh-server postfix/qmgr[20828]: warning: private/smtp socket: malformed response

Jan 14 10:43:55 wazuh-server postfix/qmgr[20828]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description

Jan 14 10:43:55 wazuh-server postfix/master[20826]: warning: process /usr/libexec/postfix/smtp pid 20836 exit status 1

Jan 14 10:43:55 wazuh-server postfix/master[20826]: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling

Jan 14 10:43:55 wazuh-server postfix/error[20838]: D47708507E: to=<MyGmail...@gmail.com>, relay=none, delay=2, delays=0.13/1.8/0/0.06, dsn=4.3.0, status=deferred (unknown mail transpor$

Jan 14 10:53:14 wazuh-server postfix/qmgr[20828]: D47708507E: from=<MyGmail...@gmail.com>, size=465, nrcpt=1 (queue active)

Jan 14 10:53:14 wazuh-server postfix/smtp[20883]: fatal: tls_fprint: error computing md5 message digest

Jan 14 10:53:15 wazuh-server postfix/qmgr[20828]: warning: private/smtp socket: malformed response

Jan 14 10:53:15 wazuh-server postfix/qmgr[20828]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description

Jan 14 10:53:15 wazuh-server postfix/master[20826]: warning: process /usr/libexec/postfix/smtp pid 20883 exit status 1

Jan 14 10:53:15 wazuh-server postfix/master[20826]: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling

Jan 14 10:53:16 wazuh-server postfix/error[20884]: D47708507E: to=<MyGmail...@gmail.com>, relay=none, delay=562, delays=560/1.8/0/0.06, dsn=4.3.0, status=deferred (unknown mail transpo$

[Pablo D]

Hi Erbil

Thanks for using Wazuh!

After reviewing your message, I can suggest the following two actions you could do in your environment in order to fix the issues:

1) There is an error message related to "Network is unreachable", this usually happens when postfix tries to use ipv6 and you have ipv4 network configured.
To force postfix to use ipv4 you could find in /etc/postfix/main.cf at postfix server the following line: 

• # inet_protocols = ipv6 

and change it to = ipv4

As a result, after saving the file, you may check the new value as follows:

• # cat /etc/postfix/main.cf | grep inet_protocols
• inet_protocols = ipv4

2) Also, I can see fatal errors related to “error computing md5 message digest” in postfix log (/var/log/maillog) after sending the email test.

You could fix this executing the following instructions:
As root user, run the following commands to switch postfix from the default MD5 hashing function to SHA-256 in Postfix server

• # postconf -e smtp_tls_fingerprint_digest=sha256
• # postconf -e smtpd_tls_fingerprint_digest=sha256

Next, restart postfix to apply changes

• # systemctl restart postfix

Then, try again mail testing as documented in previous step.

Please, let us know if the above procedure fixes the reported issue.
I will be waiting for your response.

Thank you.

Regards,
Pablo D