Wazuh Email Alerts Detection Problem


Raj Vira

Aug 17, 2021, 2:17:29 AM
to Wazuh mailing list
Hi,

There is a problem in Postfix I encountered within my system: the mails of alerts are no longer being received, and when I checked cat /var/log/maillog | grep postfix, I am receiving these kinds of errors.

Capture1.PNG

But when I send some testing mail I do receive these kinds of logs:

Capture2.PNG

Also I do receive partial log alerts but those are wrong email alerts which I receive:

Capture3.PNG

In this Email alert which I received, you can see I got some different Hostname in the Subject/Title and some other hostname's/machine's alerts in mail body.

Any help on this would be greatly appreciated.

Thanks,
Raj Vira.

Raj Vira

Aug 17, 2021, 2:45:54 AM
to Wazuh mailing list
Hi Team,

Along with that, there is one more error which is received for some mails:

Capture4.PNG

Any help on this would be greatly appreciated.

Thanks,
Raj Vira.

Raj Vira

Aug 18, 2021, 1:21:13 AM
to Wazuh mailing list
Hi team,

Is there any update on this? I need to fix it ASAP.

Raj Vira

Aug 18, 2021, 8:57:44 AM
to Wazuh mailing list
Hi team,

Along with those I am getting these errors too:

Capture6.PNG

Capture7.PNG

Juan Carlos

Aug 23, 2021, 11:30:44 AM
to Wazuh mailing list
Hello Raj,
The maillog errors indicate there's an issue resolving the SMTP server. This can be caused by a connectivity issue, misconfiguration or lack of privileges.
In order to verify whether the Wazuh user in charge of sending emails has the capability to resolve and reach the server you may run:
sudo -u ossecm ping smtp.gmail.com -w 5
You may also run the same for the postfix user:
sudo -u postfix ping smtp.gmail.com -w 5

If this command works with root but not the other two then there may be an issue with the permissions of /etc/resolv.conf. Ensure this file is readable by all users:
chmod a+r /etc/resolv.conf

It's also worth noting that Google only recognizes apps that use "Sign in with Google" as secure, so in order to use postfix to link to it you must enable the use of what they call Less Secure Apps here:

Let us know if you have any more questions,
Best Regards,
Juan Carlos Tello
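
The checks from the reply above, combined into one script as an added example (not part of the original thread or of Wazuh). It assumes the service accounts are named ossecm and postfix, that GNU stat, getent and non-interactive sudo are available, and it uses getent hosts instead of ping, so it tests name resolution only, not reachability.

```shell
#!/bin/sh
# Added diagnostic sketch, not code from the thread.
# Assumptions: accounts "ossecm" and "postfix" exist; GNU stat, getent, sudo.

# Return 0 if FILE is readable by "other" (the state `chmod a+r` guarantees),
# 1 if it is not, 2 if the file cannot be inspected.
world_readable() {
    # -L follows symlinks: /etc/resolv.conf is often a link whose own mode
    # is always 777, which would hide a restrictive target.
    mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 2
    other=${mode#"${mode%?}"}          # last octal digit = "other" permissions
    [ $((other & 4)) -ne 0 ]
}

# Return 0 if USER can resolve HOST through the system resolver.
# sudo -n fails instead of prompting, so the script never hangs.
resolves_as() {
    sudo -n -u "$1" getent hosts "$2" >/dev/null 2>&1
}

main() {
    host=$1
    rc=0
    if world_readable /etc/resolv.conf; then
        echo "ok:   /etc/resolv.conf is readable by all users"
    else
        echo "FAIL: /etc/resolv.conf is not world-readable"
        rc=1
    fi
    # root is the baseline: if root fails too, permissions are not the cause.
    for user in root ossecm postfix; do
        if resolves_as "$user" "$host"; then
            echo "ok:   $user resolves $host"
        else
            echo "FAIL: $user cannot resolve $host"
            rc=1
        fi
    done
    return "$rc"
}

# Run only when a host name is given, e.g.: sh check_resolve.sh smtp.gmail.com
if [ "$#" -gt 0 ]; then main "$@"; fi
```

If root resolves the host but ossecm or postfix does not, and the resolv.conf check fails, that matches the permission problem described in the reply.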

Raj Vira

Aug 24, 2021, 7:38:35 AM
to Juan Carlos, Wazuh mailing list
Yes, it is as per the requirements,

Thanks for the help.

Warm regards,

Raj Vira
