Anything I should look out for specifically?
On Monday 28 June 2010 16:13:23 dan (ddp) wrote:
> You could try using tcpdump to see if there is an error returned from
> the remote smtp server.
>
> On Fri, Jun 25, 2010 at 5:24 AM, Ivan Lezhnjov Jr. <[email protected]> wrote:
> > Yes, there are plenty but all the same. It's a message that states
> > "ERROR: Error Sending email to 74.125.43.27 (smtp server)" nothing else,
> > even with debug mode turned on.
> >
> > 2010/06/25 06:18:21 ossec-maild: DEBUG: Starting ...
> > 2010/06/25 06:18:21 ossec-maild: INFO: Chrooted to directory: /var/ossec, using user: ossecm
> > 2010/06/25 06:18:21 ossec-maild: INFO: Started (pid: 3266).
> > 2010/06/25 06:18:40 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
> > 2010/06/25 06:19:46 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
> > 2010/06/25 06:21:46 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
> > 2010/06/25 06:22:17 ossec-maild(1223): ERROR: Error Sending email to 74.125.43.27 (smtp server)
> > 2010/06/25 06:22:27 ossec-maild(1223): ERROR: Error Sending email to 74.125.43.27 (smtp server)
> > 2010/06/25 06:25:10 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
> > 2010/06/25 06:25:30 ossec-rootcheck: INFO: Starting rootcheck scan.
> > 2010/06/25 06:28:58 ossec-rootcheck: INFO: Ending rootcheck scan.
> >
> > I'm wondering what causes the error. The error message itself isn't
> > really helpful.
> >
> > On Thursday 24 June 2010 16:52:00 dan (ddp) wrote:
> >> Are there any errors in ossec.log regarding email? Have you tried
> >> running the daemon in debug mode?
> >>
> >> OSSEC's email daemon is pretty bare bones, so it might be worthwhile
> >> to route it through the system's smtpd.
> >>
> >> On Tue, Jun 22, 2010 at 3:19 AM, Ivan Lezhnjov Jr. <[email protected]> wrote:
> >> > Hey guys!
> >> >
> >> > I've been using OSSEC for a while on two Linux-based routers and I
> >> > noticed that e-mail notifications on one of them are working almost
> >> > perfectly, meaning that e-mail notifications are sent out and OSSEC
> >> > can connect to GMail's SMTP server but there's a problem. At
> >> > irregular intervals OSSEC fails to connect to GMail's SMTP.
> >> >
> >> > The second machine wasn't able to send out even a single e-mail
> >> > notification.
> >> >
> >> > Both machines use identical configuration (my e-mail address was
> >> > mangled to spam-protect myself):
> >> >
> >> > <global>
> >> > <email_notification>yes</email_notification>
> >> > <email_to>[email protected]</email_to>
> >> > <smtp_server>gmail-smtp-in.l.google.com</smtp_server>
> >> > <email_from>[email protected]</email_from>
> >> > </global>
> >> >
> >> > Each machine is located in a different network (autonomous
> >> > systems/ISPs).
> >> >
> >> > I have trouble seeing why one machine would send out e-mail
> >> > notifications successfully, albeit sometimes it fails to, due to its
> >> > inability to connect to the specified SMTP server, so I thought I'd
> >> > ask this here.
> >> >
> >> > Also, why another machine never succeeded at sending at least a single
> >> > e-mail notification remains a complete mystery to me. It simply
> >> > doesn't make sense when I try to approach and understand this issue
> >> > with the "traditional" knowledge of e-mail infrastructure workflow.
> >> > Identical configurations
> >> >
> >> > My goal is to have robust and working e-mail notifications. So, I've
> >> > been wondering for a while why OSSEC works so unreliably with GMail's
> >> > SMTP and if it's the same story with any other SMTP (I never tried
> >> > any other).
> >> >
> >> > Also, I've been thinking about setting up my own SMTP server on these
> >> > two routers but I'm not really sure what kind of setup I should aim
> >> > for and/or if this will help at all. I'd appreciate it if someone
> >> > gave a hint on this.
> >> >
> >> > --
> >> >
> >> > Ivan Lezhnjov Jr.
> >> >
> >> > Europe, Ukraine, Simferopol
> >> >
> >> > +----------------------------------------------------------------------+
> >> >
> >> > Key ID 0x5811D90C
> >> > Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C
> >> > Use GPG Exercise Your Right To Privacy
> >
--
Ivan Lezhnjov Jr.
Europe, Ukraine, Simferopol
+----------------------------------------------------------------------+
Key ID 0x5811D90C
Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C
Use GPG Exercise Your Right To Privacy
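
An added example, not part of the thread and not OSSEC code: a Python script that pulls the ossec-maild send failures out of an ossec.log excerpt, re-joining entries that a mail client has wrapped, so the failure times per SMTP server address can be lined up with a tcpdump capture. The function names are hypothetical; the sample is an excerpt of the log quoted in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime
# Entry layout: 2010/06/25 06:22:17 ossec-maild(1223): ERROR: Error Sending email to <ip> (smtp server)
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) ([\w-]+)(?:\((\d+)\))?: ([A-Z]+): (.*)$")
FAIL_RE = re.compile(r"Error Sending email to (\S+) \(smtp server\)")
TS_RE = re.compile(r"^\d{4}/\d{2}/\d{2} ")

def unwrap(text):
    """Re-join entries that a mail client wrapped onto a second line."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if TS_RE.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def mail_failures(text):
    """Map each SMTP server address to the timestamps of its failed sends."""
    failures = defaultdict(list)
    for entry in unwrap(text):
        m = LINE_RE.match(entry)
        if not m or m.group(2) != "ossec-maild" or m.group(4) != "ERROR":
            continue
        hit = FAIL_RE.search(m.group(5))
        if hit:
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            failures[hit.group(1)].append(when)
    return dict(failures)

def gaps_seconds(stamps):
    """Seconds between consecutive failures, for lining up with a capture."""
    return [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]

# Excerpt of the log quoted in the thread, wrapped lines included.
SAMPLE = """\
2010/06/25 06:18:21 ossec-maild: INFO: Started (pid: 3266).
2010/06/25 06:22:17 ossec-maild(1223): ERROR: Error Sending email to
74.125.43.27 (smtp server)
2010/06/25 06:22:27 ossec-maild(1223): ERROR: Error Sending email to
74.125.43.27 (smtp server)
"""
if __name__ == "__main__":
    for server, stamps in mail_failures(SAMPLE).items():
        print(server, [s.isoformat() for s in stamps], gaps_seconds(stamps))
```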