I just upgraded from 2.0 to 2.1.1, and now OSSEC is unable to send any emails. The log says:

2009/07/20 10:16:19 ossec-logcollector: INFO: Started (pid: 4596).
2009/07/20 10:16:49 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
2009/07/20 10:18:08 ossec-maild(1223): ERROR: Error Sending email to 172.31.7.3 (smtp server)

and a Wireshark trace of the TCP connection to the mailserver shows just this:

-> 220 redacted.redacted.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Mon, 20 Jul 2009 10:26:26 +0100
<- Helo notify.ossec.net
-> 250 redacted.redacted.com Hello [172.31.8.8]
<- Mail From: <os...@boggle>
-> 250 2.1.0 [email protected] OK

And that's it. OSSEC simply drops the call with a TCP FIN,ACK as soon as the SMTP server says Sender OK.

I didn't change the OSSEC mail configuration although I did opt to update the rules, and the SMTP server has not changed. Is there a problem with the latest maild in OSSEC?
