I have localhost set for my smtp server in ossec, and it uses the
local smtp server to send alerts.
<ossec_config>
  <global>
    ......
    <smtp_server>127.0.0.1</smtp_server>
    .....
  </global>
  ....
</ossec_config>
-Chuck (MdMonk)
On Tue, Sep 23, 2008 at 10:57 PM, cryogen <[EMAIL PROTECTED]> wrote:
>
> Greetings,
>
> I have a couple questions regarding the ossec-maild program. My
> university recently changed its policy regarding outgoing mail and
> we're no longer able to send unauthenticated mail, even internally.
> This broke the very useful e-mail alerts function in ossec on our
> site. What I was wondering is if someone could give me some ideas
> for how to unbreak it?
>
> There are several other unrelated services in use here that rely on
> the same mail functionality just mentioned, and I've worked around
> those by modifying the local sendmail. However, according to the
> wiki, ossec never touches the local sendmail. Is there a way to get
> ossec to use the system's sendmail?
>
> If not, is there a way to use ossec with an authenticated mail
> service? I've tried sending e-mail alerts out to a gmail account as
> suggested in the wiki, but it didn't work and I really don't like
> doing that anyway. Using a gmail account for ossec, while not
> strictly against our security policy, is not exactly encouraged.
>
> I've considered setting up an industrial strength MTA like exim or
> postfix to relay mail off the local machine, but that is serious
> overkill for us since ossec would pretty much be the only thing using
> it. I've also looked at smaller MTAs but none of them seem capable
> of communicating with ossec, i.e. they can't daemonize like ossec
> seems to need.
>
> Does anyone have some suggestions?
>
> --cryogen
>
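
Added example, not part of the original thread and not OSSEC's own code: a small check that reads an ossec.conf and reports whether each `<smtp_server>` is a loopback relay as in the reply above, or an off-host server that the alerts would reach unauthenticated. The sample configs, the hostname `mail.example.edu` and the function names are constructed for illustration, and the file is assumed to carry no XML declaration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from a real host).
LOCAL_RELAY = """<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <smtp_server>127.0.0.1</smtp_server>
  </global>
</ossec_config>
<ossec_config>
  <syscheck><frequency>7200</frequency></syscheck>
</ossec_config>"""

REMOTE_RELAY = LOCAL_RELAY.replace("127.0.0.1", "mail.example.edu")


def smtp_servers(conf_text):
    """Return every <global><smtp_server> value in an ossec.conf.

    ossec.conf may hold several top-level <ossec_config> blocks, which is
    not well-formed XML on its own, so wrap the text in a synthetic root.
    """
    root = ET.fromstring("<root>" + conf_text + "</root>")
    return [el.text.strip()
            for el in root.findall("./ossec_config/global/smtp_server")
            if el.text and el.text.strip()]


def is_loopback(host):
    """True for loopback IP literals and the name 'localhost'."""
    if host.lower() in ("localhost", "localhost.localdomain"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname: treat as off-host


def audit(conf_text):
    """Return (host, verdict) pairs for each configured smtp_server."""
    return [(h, "local relay" if is_loopback(h) else "off-host, unauthenticated")
            for h in smtp_servers(conf_text)]


if __name__ == "__main__":
    for name, conf in (("local", LOCAL_RELAY), ("remote", REMOTE_RELAY)):
        print(name, audit(conf))
```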