Are there any errors in ossec.log regarding email? Have you tried running the daemon in debug mode?
OSSEC's email daemon is pretty bare bones, so it might be worth while to route it through the system's smtpd. On Tue, Jun 22, 2010 at 3:19 AM, Ivan Lezhnjov Jr. <[email protected]> wrote: > Hey guys! > > I've been using OSSEC for a while on two Linux based routers and I noticed > that e-mail notifications on one of them is working almost perfectly, meaning > that e-mail notifications are sent out and OSSEC can connect to the GMail's > SMTP server but there's a problem. At irregular intervals OSSEC fails to > connect to GMail's SMTP. > > The second machine wasn't able to send out even a single e-mail notification. > > Both machines use identical configuration (my e-mail address was mangled to > spam-protect myself): > > <global> > <email_notification>yes</email_notification> > <email_to>[email protected]</email_to> > <smtp_server>gmail-smtp-in.l.google.com</smtp_server> > <email_from>[email protected]</email_from> > </global> > > Each machine is located in a different network (autonomous systems/ISPs). > > I have trouble seeing why one machine would send out e-mail notifications > successfully, albeit sometimes it fails to, due to its inability to connect to > the specified SMTP server, so I thought I'd ask this here. > > Also, why another machine never succeeded at sending at least a single e-mail > notification remains a complete mystery to me. It simply doesn't make sense > when I try to approach and understand this issue with the "traditional" > knowledge of e-mail infrastructure workflow. Identical configurations > > My goal is to have robust e-mail notifications and working. So, I've been > wondering for a while why OSSEC works so unreliably with GMail's SMTP and if > it's the same story with any other SMTP (I never tried any other). > > Also, I've been thinking about setting up my own SMTP server on these two > routers but I'm not really sure what kind of setup I should aim for and/or if > this will help at all. I'd appreciate it if someone gave a hint on this. > > -- > > Ivan Lezhnjov Jr. > > Europe, Ukraine, Simferopol > > +----------------------------------------------------------------------+ > > Key ID 0x5811D90C > Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C > Use GPG Exercise Your Right To Privacy >
