On Wed, Sep 28, 2016 at 11:37 AM, Laura Herrera <[email protected]> wrote: > Hi Dan, > > Yes, thank you, i have been trying to get this working all day. > > I am running ossec on an ubuntu 14.04 server and i need to be able to email > alerts of course. > > I saw in a separate post that ossec actually needs smtp listening on the > local server, and so i decided to use postfix as a relay. > To make things more complicated, my mail server is in office 365. > > Here my configurations: > /etc/postfix/main.cf (changes from original) > > smtp_sasl_auth_enable = yes > smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd > smtp_generic_maps = hash:/etc/postfix/generic > > myhostname = ossec-1.example.com > alias_maps = hash:/etc/aliases > alias_database = hash:/etc/aliases > myorigin = /etc/mailname > mydestination = localhost.localdomain, localhost > relayhost = smtp.office365.com:587 > mynetworks = 127.0.0.0/8, 10.0.0.0/8 > > /etc/postfix/generic > /.*/ [email protected] > > > /etc/postfix/sasl_passwd > [smtp.office365.com]:587 [email protected]:MyPassword > > > ossec.conf > <global> > <jsonout_output>no</jsonout_output> > <email_notification>yes</email_notification> > <smtp_server>localhost</smtp_server> > <email_to>[email protected]</email_to> > <email_from>[email protected]</email_from> > </global> > > I am sure postfix is listening on port 25: > tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN > 947/master > > The error i get, even after enabling debug mode in ossec is not very helpful > at all: > 2016/09/28 09:36:04 ossec-maild(1223): ERROR: Error Sending email to > 127.0.0.1 (smtp server) > > nothing before or after that can be of help... >
Have you checked postfix's logs to see if it is logging the error? > Sorry i don't know what else to say > > Thanks a lot, hope you can help > Laura > > > On Wednesday, 28 September 2016 11:47:20 UTC+1, dan (ddpbsd) wrote: >> >> On Sep 28, 2016 6:42 AM, "Laura Herrera" <[email protected]> wrote: >> > >> > Hi Theresa, >> > >> > Please can i ask how did you solve this problem? >> > >> >> If you're having issues, you could post details and we could try to help. >> >> > Thanks a lot, >> > Laura >> > >> > >> > On Monday, 6 July 2015 18:35:50 UTC+1, theresa mic-snare wrote: >> >> >> >> OK, managed to fix this and face-palming myself.... >> >> >> >> i've tweaked the postfix config a bit, enabled the service and there we >> >> go... >> >> ossec-maild is now officially sending out alerts to my email address. >> >> >> >> theresa happy :) >> >> >> >> Am Sonntag, 5. Juli 2015 14:02:29 UTC+2 schrieb Daniil Svetlov: >> >>> >> >>> Theresa, try to issue command /var/ossec/bin/ossec-control enable >> >>> debug. It will increase log verbosity. Then restart OSSEC, and check >> >>> /var/ossec/log/ossec.log. >> >>> Also after restart try to issue command "ps aux | grep ossec", and >> >>> check, that ossec-maild process is running. >> >>> >> >>> сб, 4 июля 2015 г. в 19:13, theresa mic-snare <[email protected]>: >> >>>> >> >>>> i've also tried disabling iptables, but that didn't help either... >> >>>> but then again i can send out emails with mailx just find, so i don't >> >>>> think it's iptables blocking anyway... >> >>>> >> >>>> any ideas? >> >>>> >> >>>> >> >>>> Am Samstag, 4. Juli 2015 16:41:47 UTC+2 schrieb theresa mic-snare: >> >>>>> >> >>>>> Hi Daniil, >> >>>>> >> >>>>> I've already done that. The maillog doesn't show the mail being >> >>>>> sent, but there isn't an error either. It seems that the ossec-maild >> >>>>> isn't >> >>>>> even relaying it to the local smtp mta (ssmtp) because as said before >> >>>>> I can >> >>>>> send out mails with mailx just fine. >> >>>>> >> >>>>> The ossec.log doesn't even mention the ossec-maild even though the >> >>>>> process is running... >> >>>>> Hmm >> >>>> >> >>>> -- >> >>>> >> >>>> --- >> >>>> You received this message because you are subscribed to the Google >> >>>> Groups "ossec-list" group. >> >>>> To unsubscribe from this group and stop receiving emails from it, >> >>>> send an email to [email protected]. >> >>>> For more options, visit https://groups.google.com/d/optout. >> >>> >> >>> -- >> >>> >> >>> -- >> >>> С уважением, Светлов Даниил. >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
