Greetings: Operating System: CentOS 5 Kernel: 2.6.18-53.1.4.el5 #1 SMP Mail server: qmail
Running OSSEC 1.4 from http://www.ossec.net/files/snapshots/ossec-hids-071206.tar.gz The server is using NAT with public and private IP addresses, and is actually a vmware node. Approximately 44 seconds after starting / restarting ossec I get the following error message in /var/ossec/logs/ossec.log 2007/12/13 06:05:48 ossec-maild(1223): Error Sending email to aaa.bbb.ccc.ddd (smtp server) Where aaa.bbb.ccc.ddd is the public IP address of the mail server. In /var/ossec/etc/ossec.conf , I've tried the private IP address of the mail server, 10.184.45.58, the public IP address of the mail server, as well as the mail.[domain name] method. All of them lead to the same error message (public IP always in the error message even when I use the private IP for the mail server in ossec.conf). /var/log/maillog does not even show the attempt by ossec-maild to communicate with the mail server (qmail). How can I best trouble shoot this situation? Thank you.
