postfix email_from dif auth_mail
25 views
Skip to first unread message
German DiCasas
Nov 28, 2025, 11:48:44 AM (3 days ago) Nov 28
to Wazuh | Mailing List
Hi team,
I have an issue here with wazuh 4.14. I set up postfix an work with the command mail of linux but no over wazuh.
I have an user mail for authenticacion that differs from the mail_from of wazuh. I mean, I have the auth user us...@domain.com with a password that can send only mails mails from wa...@domain.com to any mail destination. I check the config of my postfix and workd ok with:
main.cf of postfix is
relayhost = [smtp-server.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtp_tls_loglevel = 1
send mail ok with:
echo "Test mail from postfix" | mail -s "Test Postfix - 2" -r "wa...@domain.com" german@domain.com But over wazuh ossec.conf
I have an user mail for authenticacion that differs from the mail_from of wazuh. I mean, I have the auth user us...@domain.com with a password that can send only mails mails from wa...@domain.com to any mail destination. I check the config of my postfix and workd ok with:
main.cf of postfix is
relayhost = [smtp-server.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtp_tls_loglevel = 1
send mail ok with:
echo "Test mail from postfix" | mail -s "Test Postfix - 2" -r "wa...@domain.com" german@domain.com But over wazuh ossec.conf
<ossec_config>
<global>
<jsonout_output>yes</jsonout_output>
<alerts_log>yes</alerts_log>
<logall>no</logall>
<logall_json>no</logall_json>
<email_notification>yes</email_notification>
<smtp_server>smtp-server.com </smtp_server>
<email_from>wa...@domain.com</email_from>
<email_to> german@domain.com</email_to>
<email_maxperhour>12</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
<agents_disconnection_time>10m</agents_disconnection_time>
<agents_disconnection_alert_time>0</agents_disconnection_alert_time>
<update_check>yes</update_check>
</global>
/etc/postfix/sasl_passwd
[smtp-server.com]:587 us...@domain.com:123pass123 I know that email_from must be the same as the account set in postfix so that is the issue since the from mail is different to the auth user. I need authenticate with the user1 and the mail from is source1, how can manage that? How can send mails of alerts with that issue?
<global>
<jsonout_output>yes</jsonout_output>
<alerts_log>yes</alerts_log>
<logall>no</logall>
<logall_json>no</logall_json>
<email_notification>yes</email_notification>
<smtp_server>smtp-server.com </smtp_server>
<email_from>wa...@domain.com</email_from>
<email_to> german@domain.com</email_to>
<email_maxperhour>12</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
<agents_disconnection_time>10m</agents_disconnection_time>
<agents_disconnection_alert_time>0</agents_disconnection_alert_time>
<update_check>yes</update_check>
</global>
/etc/postfix/sasl_passwd
[smtp-server.com]:587 us...@domain.com:123pass123 I know that email_from must be the same as the account set in postfix so that is the issue since the from mail is different to the auth user. I need authenticate with the user1 and the mail from is source1, how can manage that? How can send mails of alerts with that issue?
authentication user is us...@domain.com
Thanks
German
diego...@wazuh.com
Nov 28, 2025, 12:07:58 PM (3 days ago) Nov 28
to Wazuh | Mailing List
Hi, Geman
I understand the situation: you need to authenticate with us...@domain.com but send emails with wa...@domain.com as the sender, and this works correctly from the command line with Postfix but not through Wazuh.
I will investigate the available configuration options for this scenario in Wazuh 4.14 and get back to you shortly with the complete information.
Message has been deleted
German DiCasas
Nov 28, 2025, 1:59:41 PM (3 days ago) Nov 28
to Wazuh | Mailing List
Done
The problem was the flag <smtp_server>smtp-server.com </smtp_server> over ossec.conf that need to be localhost on my case. Also, I did a smtp_generic_maps to change the mail from of wazuh.
thanks
Regards
German
Reply all
Reply to author
Forward
0 new messages