I need the instructions to configure wazuh for the SMTP server with authentication but using sendmail as MTA


Yolanda Prieto

Apr 9, 2018, 8:02:10 PM
to Wazuh mailing list

Hi team,

I already followed the instructions here to configure SMTP server with authentication with postfix and it works fine:


But I have another system in the same box as Wazuh that is using sendmail as MTA.

I need the instructions to configure Wazuh for the SMTP server with authentication but using sendmail as MTA.

Any idea will be very useful.

Regards,
 Yolanda Prieto.

Chema Martinez

Apr 16, 2018, 5:41:30 AM
to Yolanda Prieto, Wazuh mailing list
Hi Yolanda,

Sorry for the late response.

Configuring Wazuh to send alerts by email using sendmail is similar to configuring postfix.

First, you have to configure Wazuh to forward alerts by email as follows:

  <global>
    ...
    <email_notification>yes</email_notification>
    <smtp_server>localhost</smtp_server>
    <email_from>oss...@localhost.localdomain</email_from>
    <email_to>my_e...@wazuh.com</email_to>
    <email_maxperhour>12</email_maxperhour>
  </global>

  <alerts>
    <email_alert_level>X</email_alert_level>
  </alerts>

Once the Wazuh manager is configured, we have to configure the MTA that the host will use to forward emails. First of all, we have to install sendmail (let's see an example for CentOS):

yum install sendmail sendmail-cf

  
To configure sendmail, we have to edit the file "/etc/mail/sendmail.mc" with particular attention to the following fields:

# Define the SMTP server for your email
# (the line must not start with "dnl", which would comment it out)
define(`SMART_HOST', `aspmx.l.google.com.')dnl

# Define the listening address (it has to be the loopback address in our case)
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

# The hostname of the manager
LOCAL_DOMAIN(`localhost.localdomain')dnl

After that, we use the Makefile located at /etc/mail to generate the new configuration file:

make -C /etc/mail


Finally, we have to restart the service:

systemctl restart sendmail


At this point you should be able to receive the generated alerts in your email. You can test your configuration using the following command:

echo "Test mail from postfix" | mail -s "Test Postfix" you@example.com

If you can't see alerts in your email Inbox, check the Spam as well. Sometimes this kind of email goes to that box.

I hope it helps,
Best regards.



Chema Martinez | IT Engineer — Wazuh, Inc.
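
A pre-flight check for the sendmail.mc fields described in the reply above, added here as an example; it is not part of the original thread, Wazuh or sendmail. `check_sendmail_mc` is a hypothetical helper name and the sample file contents are constructed. It reports whether SMART_HOST is actually active and whether every listener is bound to loopback.

```shell
#!/bin/sh
# Added example: check_sendmail_mc is a hypothetical helper, not part of
# Wazuh or sendmail. It reads a sendmail.mc and reports on the relay and
# listener settings discussed in the thread.
check_sendmail_mc() {
    mc=$1
    rc=0
    # m4's "dnl" discards the rest of its line and "#" lines are comments,
    # so neither kind of line can carry an active setting.
    active=$(grep -Ev '^[[:space:]]*(dnl([[:space:]]|$)|#)' "$mc" || true)
    # SMART_HOST: the relay that receives every alert email.
    smart=$(printf '%s\n' "$active" |
        sed -n "s/.*define(\`SMART_HOST',[[:space:]]*\`\([^']*\)').*/\1/p" | tail -n 1)
    if [ -n "$smart" ]; then
        echo "OK   SMART_HOST is active: $smart"
    else
        echo "FAIL SMART_HOST is not set (missing, or commented out with a leading dnl)"
        rc=1
    fi

    # DAEMON_OPTIONS: every active listener must be bound to loopback,
    # otherwise the manager accepts SMTP connections from the network.
    daemons=$(printf '%s\n' "$active" | grep -F 'DAEMON_OPTIONS(' || true)
    if [ -z "$daemons" ]; then
        echo "FAIL no active DAEMON_OPTIONS: sendmail listens on all interfaces"
        rc=1
    else
        exposed=$(printf '%s\n' "$daemons" |
            grep -Ev "Addr=(127\.0\.0\.1|::1)[,' ]" || true)
        if [ -n "$exposed" ]; then
            echo "FAIL listener not bound to loopback: $exposed"
            rc=1
        else
            echo "OK   all listeners are bound to loopback"
        fi
    fi
    return $rc
}

# Constructed sample input: the relay line still carries its leading dnl.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dnl define(`SMART_HOST', `smtp.example.com')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
EOF
check_sendmail_mc "$sample" || true
rm -f "$sample"
```

Run it against /etc/mail/sendmail.mc before `make -C /etc/mail`; a non-zero exit status means at least one check failed.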




