Re: [ossec-list] Is gmail silently dropping my OSSEC email alerts?
I tried with /usr/sbin/ssmtp as the smtp server but nothing changed, I still am not receiving alerts

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/fc0d18c4-710b-4089-bf35-d9df0db07f88%40googlegroups.com.
Re: [ossec-list] Is gmail silently dropping my OSSEC email alerts?
>
> It doesn't look like ssmtp is an actual daemon. So instead of using
> '127.0.0.1' as the smtp server, you should probably use something like
> '/usr/sbin/ssmtp'
> I don't know what flags or anything you might need with it though,
> I've never used it.
>

I will try with /usr/sbin/ssmtp
However I would like to point out that I received the first two notifications via email, so it does not look like a configuration issue
Re: [ossec-list] Is gmail silently dropping my OSSEC email alerts?
On Fri, Sep 27, 2019 at 11:51 AM llehirgen wrote:
>
> On Friday, September 27, 2019 at 4:51:20 PM UTC+2, dan (ddpbsd) wrote:
>>
>> Is ssmtp listening on 127.0.0.1 port 25?
>>
>
> I honestly do not know what port is ssmtp listening on.
> I used sudo netstat -tulpn and got 5 program names: systemd-resolve, sshd,
> sshd, systemd-resolve, systemd-network
> I could not find documentation on which port is ssmtp listening.
>

It doesn't look like ssmtp is an actual daemon. So instead of using '127.0.0.1' as the smtp server, you should probably use something like '/usr/sbin/ssmtp'
I don't know what flags or anything you might need with it though, I've never used it.
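The check behind the question above, as an added example that is not part of the thread: it reads the smtp_server value from an ossec.conf and reports whether it is an IP address with a TCP listener on port 25 or a path to an executable. The function names, the netstat lines and the config fragment are constructed for illustration; the value is assumed to be an IP address or an absolute path (a hostname is compared literally, not resolved).

```shell
#!/bin/sh
# Added example (not from the thread). All sample data below is constructed.

# smtp_value: read an ossec.conf on stdin, print the first <smtp_server> value.
smtp_value() {
    sed -n 's:.*<smtp_server>[[:space:]]*\([^<[:space:]]*\).*</smtp_server>.*:\1:p' | head -n 1
}

# has_listener ADDR PORT: read `netstat -tln` style lines on stdin and succeed
# if a socket in LISTEN state is bound to ADDR:PORT or to 0.0.0.0:PORT.
has_listener() {
    awk -v a="$1" -v p="$2" '
        /LISTEN/ {
            for (i = 2; i <= NF; i++)
                if ($i == a ":" p || $i == "0.0.0.0:" p) found = 1
        }
        END { exit !found }'
}

# check_smtp_server VALUE: classify the setting; listener table comes on stdin.
check_smtp_server() {
    case "$1" in
        "") echo "missing" ;;
        /*) if [ -x "$1" ]; then echo "executable-path-ok"
            else echo "path-not-executable"; fi ;;
        *)  if has_listener "$1" 25; then echo "smtp-listener-ok"
            else echo "no-listener-on-25"; fi ;;
    esac
}

# Constructed listener table with the five program names quoted in the thread.
sample_netstat() {
    cat <<'EOF'
tcp   0  0 127.0.0.53:53  0.0.0.0:*  LISTEN  612/systemd-resolve
tcp   0  0 0.0.0.0:22     0.0.0.0:*  LISTEN  890/sshd
tcp6  0  0 :::22          :::*       LISTEN  890/sshd
udp   0  0 127.0.0.53:53  0.0.0.0:*          612/systemd-resolve
udp   0  0 10.0.2.15:68   0.0.0.0:*          600/systemd-network
EOF
}

# Constructed ossec.conf fragment using the address from the thread.
sample_conf() {
    printf '<global>\n  <smtp_server>127.0.0.1</smtp_server>\n</global>\n'
}

value=$(sample_conf | smtp_value)
printf '%s -> %s\n' "$value" "$(sample_netstat | check_smtp_server "$value")"
```

On a real host the inputs would be /var/ossec/etc/ossec.conf and the output of `netstat -tln`.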
Re: [ossec-list] Is gmail silently dropping my OSSEC email alerts?
On Friday, September 27, 2019 at 4:51:20 PM UTC+2, dan (ddpbsd) wrote:
>
> Is ssmtp listening on 127.0.0.1 port 25?
>

I honestly do not know what port is ssmtp listening on.
I used sudo netstat -tulpn and got 5 program names: systemd-resolve, sshd, sshd, systemd-resolve, systemd-network
I could not find documentation on which port is ssmtp listening.
Re: [ossec-list] Is gmail silently dropping my OSSEC email alerts?
On Fri, Sep 27, 2019 at 10:45 AM llehirgen wrote:
>
> I am testing OSSEC HIDS in a Virtual machine on Ubuntu 18.04 server.
> First of all I installed and configured ssmtp as follows:
>
> root=my...@gmail.com
> mailhub=smtp.gmail.com:587
> rewriteDomain=gmail.com
> hostname=localhost
> TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
> UseTLS=Yes
> UseSTARTTLS=Yes
> AuthUser=my...@gmail.com
> AuthPass=password
> AuthMethod=LOGIN
> FromLineOverride=yes
>
> Emails from command line are sent and received, however there are some issues
> with OSSEC email alerts.
> Below is part of /var/ossec/etc/ossec.conf:
>
> yes
> my...@gmail.com
> 127.0.0.1

Is ssmtp listening on 127.0.0.1 port 25?

> ossecm@myserver
> 1
>
> According to OSSEC's documentation the software should send an email at
> startup and when it stops. I received an email after the first startup, in
> the spam folder, probably because the email_from directive was set to an
> invalid email address. That email contained two notifications, one about
> "Partition usage reached 100% (disk space monitor)." and the other about
> OSSEC start. So I told Gmail that that was not spam, I changed the email_from
> directive to my...@gmail.com, stopped OSSEC and restarted it. Unfortunately
> that was the only alert I received. After that I stopped and started OSSEC
> several times without receiving any email alert. I do not understand why this
> happens: am I blackholed by Gmail? As I said emails from command line are
> received without issues. Would OSSEC receive the same treatment on a
> production server with valid domain?
>
[ossec-list] Is gmail silently dropping my OSSEC email alerts?
I am testing OSSEC HIDS in a Virtual machine on Ubuntu 18.04 server.
First of all I installed and configured ssmtp as follows:

root=my...@gmail.com
mailhub=smtp.gmail.com:587
rewriteDomain=gmail.com
hostname=localhost
TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
UseTLS=Yes
UseSTARTTLS=Yes
AuthUser=my...@gmail.com
AuthPass=password
AuthMethod=LOGIN
FromLineOverride=yes

Emails from command line are sent and received, however there are some issues with OSSEC email alerts.
Below is part of /var/ossec/etc/ossec.conf:

yes
my...@gmail.com
127.0.0.1
ossecm@myserver
1

According to OSSEC's documentation the software should send an email at startup and when it stops. I received an email after the first startup, in the spam folder, probably because the email_from directive was set to an invalid email address. That email contained two notifications, one about "Partition usage reached 100% (disk space monitor)." and the other about OSSEC start. So I told Gmail that that was not spam, I changed the email_from directive to my...@gmail.com, stopped OSSEC and restarted it. Unfortunately that was the only alert I received. After that I stopped and started OSSEC several times without receiving any email alert. I do not understand why this happens: am I blackholed by Gmail? As I said emails from command line are received without issues. Would OSSEC receive the same treatment on a production server with valid domain?