Help Needed – Wazuh Email Alert Configuration on K8S with Postfix


Kishor Vaishanav

Jul 31, 2025, 2:03:59 AM
to Wazuh | Mailing List
Hi Wazuh Community Team,

I have Wazuh running on a K8S cluster. Email alerts are configured using Gmail SMTP with Postfix.

First, I set up Postfix in a separate pod and tested it with echo "Test mail from postfix" | mail -s "Test Postfix" -r "<CONFIGURED_EMAIL>" <RECEIVER_EMAIL> – it worked fine.

Then I configured Wazuh to use that relay by setting <smtp_server>postfix-relay.wazuh.svc.cluster.local</smtp_server> in ossec.conf, but Wazuh could not connect to the service IP.

After that, I installed Postfix directly inside the Wazuh manager pod, set <smtp_server>localhost</smtp_server>, restarted Postfix and Wazuh services, and tested again with the same command. No emails were sent, and there was no error. Inside the manager pod, /var/log/maillog is also missing, so I cannot check Postfix logs.

Below are my configuration details:

/var/ossec/etc/ossec.conf (attached)

/etc/postfix/main.cf (attached)

Output of ls -ll /etc/postfix/sasl_passwd.db (attached)

I followed the official Wazuh email alert documentation.
https://documentation.wazuh.com/current/user-manual/manager/alert-management.html#alert-management

Could you please help me understand why the Wazuh manager pod is not sending any email alerts, and why the Postfix logs are missing?

Thanks & Regards,
kishor vaishanav

ossec.conf
main.cf
sasl_passwd.db.png

ismail....@wazuh.com

Aug 1, 2025, 12:47:50 AM
to Wazuh | Mailing List
Hi,

I'm looking into it. I will respond to you as soon as possible.

Regards

ismail....@wazuh.com

Aug 1, 2025, 7:55:20 AM
to Wazuh | Mailing List
Hi,

We have reviewed the server configuration, and everything appears to be set up correctly. As you mentioned, there are no errors in the ossec.log, which indicates that the Wazuh email configuration itself is not experiencing any issues.

To troubleshoot further from your end, please perform the following checks:

Verify Postfix connectivity: telnet localhost 25

Check Postfix Logs:
Since /var/log/maillog is missing, configure Postfix to log to stdout for visibility inside the pod. Then monitor the container logs to capture any mail-related events:

postconf -e "maillog_file = /dev/stdout"
postfix reload

If you are using the external postfix-relay.wazuh.svc.cluster.local, check DNS resolution and network policy to ensure the Wazuh pod can reach it on port 25.

Also, run the Wazuh mail daemon in debug mode:
Run the following command to trace email delivery in real time: /var/ossec/bin/wazuh-maild -fdd

This will run the mail daemon in the foreground with double debug mode and will show the SMTP conversation between Wazuh and Postfix.

I hope it helps. Please let us know if you have any further queries or issues here.

Regards,      
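
The connectivity checks suggested in the reply above (DNS resolution, reachability of port 25, the SMTP greeting), as an added example that is not part of the original thread or Wazuh's own tooling: a Python probe that reports which stage fails first for a given relay. It assumes a Python 3 interpreter is available in the pod; `probe_smtp`, its stage names and the EHLO name are hypothetical.

```python
import socket


def probe_smtp(host, port=25, timeout=5.0):
    """Return (stage, detail): the first step that failed, or 'ok' plus the banner."""
    try:
        # Resolves the name and tries every returned address in turn.
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        # The name did not resolve: check cluster DNS and the Service name.
        return ("dns_failure", str(exc))
    except socket.timeout:
        # No answer at all: packets are being dropped, as a NetworkPolicy
        # or firewall between the pods would do.
        return ("connect_timeout", f"{host}:{port}")
    except ConnectionRefusedError:
        # The address answered but nothing listens on that port.
        return ("connect_refused", f"{host}:{port}")
    except OSError as exc:
        return ("connect_error", str(exc))

    with sock:
        try:
            # A healthy SMTP server greets first with a 220 line.
            banner = sock.recv(1024).decode("ascii", "replace").strip()
            if not banner.startswith("220"):
                return ("bad_banner", banner)
            # EHLO name is a placeholder, not a value from the thread.
            sock.sendall(b"EHLO wazuh-manager.example\r\n")
            reply = sock.recv(4096).decode("ascii", "replace").strip()
        except socket.timeout:
            return ("smtp_timeout", "connected, but no SMTP reply")
        except OSError as exc:
            return ("smtp_error", str(exc))

    if not reply.startswith("250"):
        return ("ehlo_rejected", reply)
    return ("ok", banner)


if __name__ == "__main__":
    # Both targets are the ones named in the thread.
    for target in ("localhost", "postfix-relay.wazuh.svc.cluster.local"):
        print(target, probe_smtp(target))
```

A result of `ok` for a target means the SMTP path to it works at the network level, so the next place to look is the Postfix log and the wazuh-maild debug output.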