[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ossec-list] ossec can't send e-mail

Subject: [Ossec-list] ossec can't send e-mail
From: daniel.cid at gmail.com (Daniel Cid)
Date: Wed, 5 Apr 2006 11:50:13 -0300

Hi Nico,

I don't understand what is happening over there too.
Basically on the e-mail transaction, the server sends the
banner with the "220" code. Ossec verify that it is valid and
then sends the "helo" message. From the "helo" message,
the server MUST response with the "250" code. However, I
can see that your server is replying with the "220" code for
the hello message (which is not accepted by the rfc).

Can you enable debug on the code that sends the e-mail?
Just open src/os_maild/sendmail.c and on line 54, set
MAIL_DEBUG_FLAG to 1 (it is set to 0). After that you need
to recompile ossec_maild (just type make on the os_maild
directory and copy the binary to /var/ossec/bin).

In addition to that, can you show me the output of your
ossec.conf? And the output of the telnet transaction to
the server? (like receiving the banner, the helo message, etc)?

*I'm not an sendmail user, so I never tested it there before.
We try to follow the rfcs, so it should work on most of the places...

Thanks,

Daniel

On 4/5/06, Nico De Ranter <nico at sonycom.com> wrote:
>
> Hi
>
> I'm trying out ossec-hids on Debian (sid). I've got 1 server and 2
> agents configured. However in the ossec.log file on the server I see a
> lot of messages like:
>
> 2006/04/05 15:58:30 os_sendmail(1703): Hello not accepted by server:220
> xxxxxxx.xxxxx.xxx ESMTP Sendmail 8.12.10/8.12.10; Wed, 5 Apr 2006
> 15:58:30 +0200 (MEST)
> 2006/04/05 15:58:30 ossec-maild(1223): Error Sending email to
> xx.xx.xx.xx (smtp server)
>
> I don't understand why I get this message. I can send e-mail from the
> command-line using mailx without problems. I tried doing a telnet to
> port 25 on the mail server and doing 'helo myserver.mydomain.com' and
> that was accepted also. Why can't ossec send e-mail?
>
> Nico
>
> --
> Nico De Ranter
> Senior System Administrator
> Sony Service Center (NSCE)
> The Corporate Village, Da Vincilaan 7-D1
> B-1935 Zaventem, Belgium
> Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22
>
>
> _______________________________________________
> ossec-list mailing list
> ossec-list at ossec.net
> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>

References:
- [Ossec-list] ossec can't send e-mail
  - From: Nico De Ranter

Prev by Date: [Ossec-list] ossec can't send e-mail
Next by Date: [Ossec-list] ossec can't send e-mail
Previous by thread: [Ossec-list] ossec can't send e-mail
Next by thread: [Ossec-list] ossec can't send e-mail
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.