Until now, I've used the local sendmail server for sending email. Sending via a local mail server works fine. For various reasons, I now have to start sending the emails directly to our exchange server. However, as soon as I change the ip address from localhost to the IP address of the mail server, I start getting errors in the ossec.log file and no emails are received. The error I'm getting is "ossec-maild (1223): ERROR: Error Sending email to n.n.n.n (smtp server)". I've done some tcpdump of the traffic and I can capture the following data; 220 hostname Microsoft ESMTP MAIL Service ready at Tue, 6 Jan 2009 11:24:01 +1300 Helo notify.ossec.net 250 hostname Hello [n.n.n.n] Mail From: <os...@syslog> 250 2.1.0 [email protected] OK
The message "250 2.1.0 [email protected] OK" is from the excange server. The next thing I would expect is for my ossec server to send the Rcpt To command with my email address however the very next package the ossec server sends is a [Fin,Ack] to the exchange server. If I telnet to the mail server manually on port 25 I can send email just fine. # telnet n.n.n.n 25 Trying n.n.n.n... Connected to n.n.n.n. Escape character is '^]'. 220 hostname Microsoft ESMTP MAIL Service ready at Tue, 6 Jan 2009 14:50:51 +1300 Helo notify.ossec.net 250 hostname [n.n.n.n] Mail From: <os...@syslog> 250 2.1.0 [email protected] OK Rcpt To:<m...@emailaddress> 250 2.1.5 m...@emailaddress data 354 Start mail input; end with <CRLF>.<CRLF> Subject: test . 250 2.6.0 <i...@hostname> Queued mail for delivery quit 221 2.0.0 hostname Service closing transmission channel Connection closed by foreign host. Does anyone have any idea why ossec may be shutting down the connection in the middle of the email delivery? Is anyone else able to send direclty to an exchange server? Cheers /Martin
