No go. Here's what I have in the e-mail config:
<global>
<email_notification>yes</email_notification>
<email_to>[EMAIL PROTECTED]</email_to>
<smtp_server>127.0.0.1</smtp_server>
<email_from>[EMAIL PROTECTED]</email_from>
</global>
and here's what the logs say:
2008/09/24 09:34:59 ossec-maild(1223): ERROR: Error Sending email to
127.0.0.1 (smtp server)
Do you have an smtp daemon listening on localhost? I just have a
lightweight MTA to get mail off the system (ssmtp to be specific,
nobody uses mail functionality besides root).
On Sep 24, 2008, at 7:36 AM, MdMonk wrote:
>
> I have localhost set for my smtp server in ossec, and it uses the
> local smtp server to send alerts.
>
> <ossec_config>
> <global>
> ......
> <smtp_server>127.0.0.1</smtp_server>
> .....
> </global>
> ....
> </ossec_config>
>
> -Chuck (MdMonk)
>
> On Tue, Sep 23, 2008 at 10:57 PM, cryogen <[EMAIL PROTECTED]>
> wrote:
>>
>> Greetings,
>>
>> I have a couple questions regarding the ossec-maild program. My
>> university recently changed its policy regarding outgoing mail and
>> we're no longer able to send unauthenticated mail, even internally.
>> This broke the very useful e-mail alerts function in ossec on our
>> site. What I was wondering is if someone could give me some ideas
>> for how to unbreak it?
>>
>> There are several other unrelated services in use here that rely on
>> the same mail functionality just mentioned, and I've worked around
>> those by modifying the local sendmail. However, according to the
>> wiki, ossec never touches the local sendmail. Is there a way to get
>> ossec to use the system's sendmail?
>>
>> If not, is there a way to use ossec with an authenticated mail
>> service? I've tried sending e-mail alerts out to a gmail account as
>> suggested in the wiki, but it didn't work and I really don't like
>> doing that anyway. Using a gmail account for ossec, while not
>> strictly against our security policy, is not exactly encouraged.
>>
>> I've considered setting up an industrial strength MTA like exim or
>> postfix to relay mail off the local machine, but that is serious
>> overkill for us since ossec would pretty much be the only thing using
>> it. I've also looked at smaller MTA's but none of them seem capable
>> of communicating with ossec, i.e. they can't deamonize like ossec
>> seems to need.
>>
>> Does anyone have some suggestions?
>>
>> --cryogen
>>
