You could try using tcpdump to see if there is an error returned from the remote smtp server.

On Fri, Jun 25, 2010 at 5:24 AM, Ivan Lezhnjov Jr. <[email protected]> wrote:
> Yes, there are plenty but all the same. It's a message that states "ERROR:
> Error Sending email to 74.125.43.27 (smtp server)" nothing else, even with
> debug mode turned on.
>
> 2010/06/25 06:18:21 ossec-maild: DEBUG: Starting ...
> 2010/06/25 06:18:21 ossec-maild: INFO: Chrooted to directory: /var/ossec, using user: ossecm
> 2010/06/25 06:18:21 ossec-maild: INFO: Started (pid: 3266).
> 2010/06/25 06:18:40 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
> 2010/06/25 06:19:46 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
> 2010/06/25 06:21:46 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
> 2010/06/25 06:22:17 ossec-maild(1223): ERROR: Error Sending email to 74.125.43.27 (smtp server)
> 2010/06/25 06:22:27 ossec-maild(1223): ERROR: Error Sending email to 74.125.43.27 (smtp server)
> 2010/06/25 06:25:10 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
> 2010/06/25 06:25:30 ossec-rootcheck: INFO: Starting rootcheck scan.
> 2010/06/25 06:28:58 ossec-rootcheck: INFO: Ending rootcheck scan.
>
> I'm wondering what causes the error. The error message itself isn't really
> helpful.
>
> On Thursday 24 June 2010 16:52:00 dan (ddp) wrote:
>> Are there any errors in ossec.log regarding email? Have you tried
>> running the daemon in debug mode?
>>
>> OSSEC's email daemon is pretty bare bones, so it might be worthwhile
>> to route it through the system's smtpd.
>>
>> On Tue, Jun 22, 2010 at 3:19 AM, Ivan Lezhnjov Jr.
>> <[email protected]> wrote:
>> > Hey guys!
>> >
>> > I've been using OSSEC for a while on two Linux based routers and I
>> > noticed that e-mail notifications on one of them are working almost
>> > perfectly, meaning that e-mail notifications are sent out and OSSEC can
>> > connect to the GMail's SMTP server but there's a problem. At irregular
>> > intervals OSSEC fails to connect to GMail's SMTP.
>> >
>> > The second machine wasn't able to send out even a single e-mail
>> > notification.
>> >
>> > Both machines use identical configuration (my e-mail address was mangled
>> > to spam-protect myself):
>> >
>> > <global>
>> >   <email_notification>yes</email_notification>
>> >   <email_to>[email protected]</email_to>
>> >   <smtp_server>gmail-smtp-in.l.google.com</smtp_server>
>> >   <email_from>[email protected]</email_from>
>> > </global>
>> >
>> > Each machine is located in a different network (autonomous systems/ISPs).
>> >
>> > I have trouble seeing why one machine would send out e-mail notifications
>> > successfully, albeit sometimes it fails to, due to its inability to
>> > connect to the specified SMTP server, so I thought I'd ask this here.
>> >
>> > Also, why another machine never succeeded at sending at least a single
>> > e-mail notification remains a complete mystery to me. It simply doesn't
>> > make sense when I try to approach and understand this issue with the
>> > "traditional" knowledge of e-mail infrastructure workflow. Identical
>> > configurations
>> >
>> > My goal is to have robust e-mail notifications and working. So, I've been
>> > wondering for a while why OSSEC works so unreliably with GMail's SMTP and
>> > if it's the same story with any other SMTP (I never tried any other).
>> >
>> > Also, I've been thinking about setting up my own SMTP server on these two
>> > routers but I'm not really sure what kind of setup I should aim for
>> > and/or if this will help at all. I'd appreciate it if someone gave a
>> > hint on this.
>> >
>> > --
>> >
>> > Ivan Lezhnjov Jr.
>> >
>> > Europe, Ukraine, Simferopol
>> >
>> > +----------------------------------------------------------------------+
>> >
>> > Key ID 0x5811D90C
>> > Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C
>> > Use GPG Exercise Your Right To Privacy
> --
>
> Ivan Lezhnjov Jr.
>
> Europe, Ukraine, Simferopol
>
> +----------------------------------------------------------------------+
>
> Key ID 0x5811D90C
> Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C
> Use GPG Exercise Your Right To Privacy
>
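
Following up on the tcpdump suggestion at the top of this message, here is an added example (not part of the thread and not OSSEC code) that reads the server-to-client text of a captured SMTP session and reports the first reply that is not a success or intermediate code. It assumes the payload has already been reassembled from the capture into plain text; the function names and the sample transcript are constructed for illustration.

```python
import re

# One SMTP reply line: 3-digit code, then "-" (more lines follow) or " " (last
# line of the reply), then free text. A bare code with no text is also accepted.
REPLY = re.compile(r"^(\d{3})(?:([ -])(.*))?$")

# Constructed sample of what the remote server side of a session could look like.
SAMPLE = """\
220 mx.example.test ESMTP ready
250-mx.example.test at your service
250-SIZE 35882577
250 8BITMIME
250 2.1.0 OK
451-4.3.0 Temporary failure
451 4.3.0 Try again later
"""

def parse_replies(server_text):
    """Group server reply lines into (code, text) tuples.

    Multi-line replies ("250-..." continued until "250 ...") become one entry.
    Lines that are not SMTP replies are skipped.
    """
    replies, pending = [], []
    for raw in server_text.splitlines():
        m = REPLY.match(raw.strip())
        if not m:
            continue
        code, sep, text = m.groups()
        pending.append(text or "")
        if sep != "-":  # a space (or nothing) ends the reply
            replies.append((int(code), " ".join(pending).strip()))
            pending = []
    return replies

def first_failure(replies):
    """Return (kind, code, text) for the first 4xx/5xx reply, or None."""
    for code, text in replies:
        if 400 <= code < 500:
            return ("transient", code, text)
        if 500 <= code < 600:
            return ("permanent", code, text)
    return None

if __name__ == "__main__":
    print(first_failure(parse_replies(SAMPLE)))
```

A 4xx code is a temporary refusal that the sender is expected to retry, while 5xx is a permanent rejection; the reply text usually states the reason that ossec-maild's log line leaves out.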
