Greetings, I have a couple of questions regarding the ossec-maild program. My university recently changed its policy regarding outgoing mail and we're no longer able to send unauthenticated mail, even internally. This broke the very useful e-mail alerts function in ossec on our site. What I was wondering is if someone could give me some ideas for how to unbreak it?
There are several other unrelated services in use here that rely on the same mail functionality just mentioned, and I've worked around those by modifying the local sendmail. However, according to the wiki, ossec never touches the local sendmail. Is there a way to get ossec to use the system's sendmail? If not, is there a way to use ossec with an authenticated mail service? I've tried sending e-mail alerts out to a Gmail account as suggested in the wiki, but it didn't work and I really don't like doing that anyway. Using a Gmail account for ossec, while not strictly against our security policy, is not exactly encouraged. I've considered setting up an industrial-strength MTA like exim or postfix to relay mail off the local machine, but that is serious overkill for us since ossec would pretty much be the only thing using it. I've also looked at smaller MTAs but none of them seem capable of communicating with ossec, i.e. they can't daemonize like ossec seems to need. Does anyone have some suggestions?

--cryogen
