I am getting an error when trying to get the ossec features: email notification. I used my Gmail account for this case. I have tried this tutorial, but i couldn't get any email from that. I got the error log inside with warn Mail not accepted by server. It was located at /var/ossec/logs/ossec.log you could see the log below.
2017/10/06 20:05:18 os_sendmail(1764): WARN: Mail from not accepted by server 2017/10/06 20:05:18 ossec-maild(1223): ERROR: Error Sending email to 74.125.200$ 2017/10/06 20:05:58 ossec-syscheckd: INFO: Starting syscheck scan (forwarding d$ 2017/10/06 20:05:58 ossec-syscheckd: INFO: Starting syscheck database (pre-scan$ 2017/10/06 20:05:58 ossec-syscheckd: INFO: Initializing real time file monitori$
Here are my configuration for email in ossec.conf located at /var/ossec/etc/ossec.conf
<global> <email_notification>yes</email_notification> <email_to>fatinabdulhadi0@gmail.com</email_to> <smtp_server>smtp.gmail.com.</smtp_server> <email_from>ossecm@gantz-X450CC</email_from> <email_maxperhour>20</email_maxperhour> <email_from>fatinabdulhadi0@gmail.com</email_from> </global>
I have filled my <smtp_server> to smtp.gmail.com. And nothing's change. Its still got the error message at my ossec.log
How can i fix this ? I installing this application on Ubuntu Server: 16.04
I finally got the solution. For my case, i used Postfix to connect my account gmail to my localhost. If you have your own dedicated Email server, like in your server, it woud be great, rather than using gmail.
Make sure you have update your linux.
apt-get update
Install postfix via terminal , if you cant install postfix, try changing your repositories location in /etc/sources.list and than update your linux in using apt-get update, untill you can run below command
sudo apt-get install postfix
or
sudo apt-get install mailutils
that will install Postfix as well as a few other programs needed for . After that you will get option, choose Internet Site
Configure the Postfix
Search main.cf at /etc/postfix/main.cf, edit the file using nano. Add this syntax at the end of file.
relayhost = [smtp.gmail.com]:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_tls_CAfile = /etc/postfix/cacert.pem smtp_use_tls = yes
Edit sasl_passwd at /etc/postfix/sasl_passwd, edit the file and add below line to sasl_passwd file:
[smtp.gmail.com]:587 your_email_here:your_password here
You should put your email that you want to as a sender of ossec email notification on that `sasl_pawd. Not as a receiver.
Edit your /var/ossec/etc/ossec.conf, and change your SMTP to tour local ip like 127.0.0.1 or localhost
<global> <email_notification>yes</email_notification> <email_to>your email that want to be send to</email_to> <smtp_server>localhost</smtp_server> <email_from>127.0.0.1</email_from> #if 127.0.0.1 didnt work ,try same email address which you put in your sasl passwd <email_maxperhour>100</email_maxperhour> </global>
Updated 22/05/2018
For further configuration, please read this tutorial and this
You have two tags <email_from> Make sure you leave the gmail one. If not, make sure ossecm@gantz-X450CC is a valid domain.
Also not sure you've seen the extra dot in
<smtp_server>smtp.gmail.com.</smtp_server>
