[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ossec-list] ossec can't send e-mail

Subject: [Ossec-list] ossec can't send e-mail
From: pedrodrimel at gmail.com (Pedro Drimel Neto)
Date: Wed, 5 Apr 2006 16:54:20 -0300

I'm having problem with agent too

In the ossec.log of agent says:

2006/04/05 18:45:02 ossec-agentd(1218): Unable to send message to server.
2006/04/05 18:45:04 ossec-agentd(1218): Unable to send message to server.
2006/04/05 18:45:04 ossec-agentd(1218): Unable to send message to server.
2006/04/05 18:45:05 ossec-agentd(1218): Unable to send message to server.
2006/04/05 18:45:07 ossec-agentd(1218): Unable to send message to server.
2006/04/05 18:45:08 ossec-agentd(1218): Unable to send message to server.

There isn't firewall rules on agent and on the server, the ping has a 
response and the clients.keys are right..

Any idea?

Thanks a lot.


----- Original Message ----- 
From: "Ahmet Ozturk" <oahmet at metu.edu.tr>
To: <ossec-list at ossec.net>
Sent: Wednesday, April 05, 2006 4:32 PM
Subject: Re: [Ossec-list] ossec can't send e-mail


> Hi Nico,
>
> Your SMTP server probably performs helo check I think. Ossec-HIDS sends
> "notify.ossec.net" to helo SMTP server, and if SMTP server checks the
> hostname given by helo command, it will notice that the machine trying
> to send e-mail is not actually the "notify.ossec.net", and it rejects
> the client for bogus helo. I've read something about "bogus_helo"
> checks on debian by searching google.
>
> Also some people mentioned that this problem occured in an environment
> that sendmail is behind a firewall. Does this fit your case?
>
> Btw, there should be some entries in you mail logs for these
> unsuccessful attempts. Can you send us your sendmail.cg and
> corresponding log entries?
>
> Regards,
>
> Ahmet Ozturk.
>
>
> Alinti Nico De Ranter <nico at sonycom.com>
>
>>
>> Hi
>>
>> I'm trying out ossec-hids on Debian (sid). I've got 1 server and 2
>> agents configured. However in the ossec.log file on the server I see a
>> lot of messages like:
>>
>> 2006/04/05 15:58:30 os_sendmail(1703): Hello not accepted by server:220
>> xxxxxxx.xxxxx.xxx ESMTP Sendmail 8.12.10/8.12.10; Wed, 5 Apr 2006
>> 15:58:30 +0200 (MEST)
>> 2006/04/05 15:58:30 ossec-maild(1223): Error Sending email to
>> xx.xx.xx.xx (smtp server)
>>
>> I don't understand why I get this message. I can send e-mail from the
>> command-line using mailx without problems. I tried doing a telnet to
>> port 25 on the mail server and doing 'helo myserver.mydomain.com' and
>> that was accepted also. Why can't ossec send e-mail?
>>
>> Nico
>>
>> --
>> Nico De Ranter
>> Senior System Administrator
>> Sony Service Center (NSCE)
>> The Corporate Village, Da Vincilaan 7-D1
>> B-1935 Zaventem, Belgium
>> Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22
>>
>>
>> _______________________________________________
>> ossec-list mailing list
>> ossec-list at ossec.net
>> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>>
>
>
>


--------------------------------------------------------------------------------


> _______________________________________________
> ossec-list mailing list
> ossec-list at ossec.net
> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>

Follow-Ups:
- [Ossec-list] ossec can't send e-mail
  - From: Ahmet Ozturk
- [Ossec-list] ossec can't send e-mail
  - From: Daniel Cid

References:
- [Ossec-list] ossec can't send e-mail
  - From: Nico De Ranter
- [Ossec-list] ossec can't send e-mail
  - From: Ahmet Ozturk

Prev by Date: [Ossec-list] ossec can't send e-mail
Next by Date: [Ossec-list] ossec can't send e-mail
Previous by thread: [Ossec-list] ossec can't send e-mail
Next by thread: [Ossec-list] ossec can't send e-mail
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.