[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ossec-list] ossec can't send e-mail

Subject: [Ossec-list] ossec can't send e-mail
From: oahmet at metu.edu.tr (Ahmet Ozturk)
Date: Wed, 05 Apr 2006 22:32:11 +0300

Hi Nico,

Your SMTP server probably performs helo check I think. Ossec-HIDS sends
"notify.ossec.net" to helo SMTP server, and if SMTP server checks the 
hostname given by helo command, it will notice that the machine trying 
to send e-mail is not actually the "notify.ossec.net", and it rejects 
the client for bogus helo. I've read something about "bogus_helo" 
checks on debian by searching google.

Also some people mentioned that this problem occured in an environment 
that sendmail is behind a firewall. Does this fit your case?

Btw, there should be some entries in you mail logs for these 
unsuccessful attempts. Can you send us your sendmail.cg and 
corresponding log entries?

Regards,

Ahmet Ozturk.


Alinti Nico De Ranter <nico at sonycom.com>

>
> Hi
>
> I'm trying out ossec-hids on Debian (sid). I've got 1 server and 2
> agents configured. However in the ossec.log file on the server I see a
> lot of messages like:
>
> 2006/04/05 15:58:30 os_sendmail(1703): Hello not accepted by server:220
> xxxxxxx.xxxxx.xxx ESMTP Sendmail 8.12.10/8.12.10; Wed, 5 Apr 2006
> 15:58:30 +0200 (MEST)
> 2006/04/05 15:58:30 ossec-maild(1223): Error Sending email to
> xx.xx.xx.xx (smtp server)
>
> I don't understand why I get this message. I can send e-mail from the
> command-line using mailx without problems. I tried doing a telnet to
> port 25 on the mail server and doing 'helo myserver.mydomain.com' and
> that was accepted also. Why can't ossec send e-mail?
>
> Nico
>
> --
> Nico De Ranter
> Senior System Administrator
> Sony Service Center (NSCE)
> The Corporate Village, Da Vincilaan 7-D1
> B-1935 Zaventem, Belgium
> Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22
>
>
> _______________________________________________
> ossec-list mailing list
> ossec-list at ossec.net
> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 1706 bytes
Desc: PGP =?us-ascii?b?QcOnxLFrIA==?=
	=?us-ascii?b?QW5haHRhcsSx?=
Url : http://mailman.underlinux.com.br/pipermail/ossec-list/attachments/20060405/775b16ac/attachment.bin

Follow-Ups:
- [Ossec-list] ossec can't send e-mail
  - From: Pedro Drimel Neto
- [Ossec-list] ossec can't send e-mail
  - From: Nico De Ranter

References:
- [Ossec-list] ossec can't send e-mail
  - From: Nico De Ranter

Prev by Date: [Ossec-list] ossec can't send e-mail
Next by Date: [Ossec-list] ossec can't send e-mail
Previous by thread: [Ossec-list] ossec can't send e-mail
Next by thread: [Ossec-list] ossec can't send e-mail
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.