I have the same problem with OSSEC because my ISP's SMTP account uses a non-standard port and requires authentication as anti-spamming measures, and you can't configure those things using the standard OSSEC options.
I created an active response rule and script that does the mailing, and disabled OSSEC's built-in emailing. See this article http://www.ossec.net/wiki/Know_How:CustomActiveResponses on building active response scripts. It was very helpful to me for mine. - Dave
