
[Ossec-list] ossec can't send e-mail



Hi Pedro,

Please make sure that you have <allowed-ips> entries in the global section
of your ossec.conf on the server to allow your clients to send messages.
I mean your ossec.conf should look like:

<global>
  <email_notification>yes</email_notification>
  <email_to>root at queen.mydomain</email_to>
  <smtp_server>192.168.1.1</smtp_server>
  <email_from>ossect at queen</email_from>
  <allowed-ips>192.168.1.3/32</allowed-ips>
  <allowed-ips>192.168.1.5/32</allowed-ips>
  <allowed-ips>192.168.2.0/24</allowed-ips>
</global>
....

Please see the documentation: http://www.ossec.net/en/manual.html#config

Hope this helps.

Regards,

Ahmet Ozturk.
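
A check for whether an agent's address is covered by the server's <allowed-ips> entries, as an added example (not part of the original post and not OSSEC code). The <ossec_config> wrapper, the agent addresses and the function names are assumptions, and the config is assumed to parse as single-rooted XML.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed server-side config, modelled on the <global> section quoted above.
SAMPLE_CONF = """
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <allowed-ips>192.168.1.3/32</allowed-ips>
    <allowed-ips>192.168.1.5/32</allowed-ips>
    <allowed-ips>192.168.2.0/24</allowed-ips>
  </global>
</ossec_config>
"""


def allowed_networks(conf_text):
    """Return the <allowed-ips> entries of every <global> section as networks."""
    root = ET.fromstring(conf_text)
    nets = []
    for section in root.iter("global"):
        for entry in section.findall("allowed-ips"):
            value = (entry.text or "").strip()
            if value:
                # strict=False tolerates host bits, e.g. 192.168.2.7/24
                nets.append(ipaddress.ip_network(value, strict=False))
    return nets


def check_agents(conf_text, agent_ips):
    """Map each agent IP to the allowed-ips entry covering it, or None."""
    nets = allowed_networks(conf_text)
    result = {}
    for ip in agent_ips:
        addr = ipaddress.ip_address(ip)
        match = next((n for n in nets if addr in n), None)
        result[ip] = str(match) if match else None
    return result


if __name__ == "__main__":
    # Constructed agent addresses; 192.168.1.4 is deliberately not listed.
    agents = ["192.168.1.3", "192.168.1.4", "192.168.2.40"]
    for ip, net in check_agents(SAMPLE_CONF, agents).items():
        status = f"covered by {net}" if net else "NOT in allowed-ips"
        print(f"{ip:15} {status}")
```

An agent reported as not covered is one whose messages the server configuration above would not accept.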

Quoting Pedro Drimel Neto <pedrodrimel at gmail.com>

> I'm having a problem with the agent too
>
> The ossec.log of the agent says:
>
> 2006/04/05 18:45:02 ossec-agentd(1218): Unable to send message to server.
> 2006/04/05 18:45:04 ossec-agentd(1218): Unable to send message to server.
> 2006/04/05 18:45:04 ossec-agentd(1218): Unable to send message to server.
> 2006/04/05 18:45:05 ossec-agentd(1218): Unable to send message to server.
> 2006/04/05 18:45:07 ossec-agentd(1218): Unable to send message to server.
> 2006/04/05 18:45:08 ossec-agentd(1218): Unable to send message to server.
>
> There aren't any firewall rules on the agent and on the server, the ping gets a
> response and the clients.keys are right.
>
> Any idea?
>
> Thanks a lot.
>
>
> ----- Original Message -----
> From: "Ahmet Ozturk" <oahmet at metu.edu.tr>
> To: <ossec-list at ossec.net>
> Sent: Wednesday, April 05, 2006 4:32 PM
> Subject: Re: [Ossec-list] ossec can't send e-mail
>
>
>> Hi Nico,
>>
>> I think your SMTP server probably performs a helo check. Ossec-HIDS sends
>> "notify.ossec.net" in its helo to the SMTP server, and if the SMTP server
>> checks the hostname given by the helo command, it will notice that the
>> machine trying to send e-mail is not actually "notify.ossec.net", and it
>> rejects the client for a bogus helo. I've read something about "bogus_helo"
>> checks on Debian by searching Google.
>>
>> Also some people mentioned that this problem occurred in an environment
>> where sendmail is behind a firewall. Does this fit your case?
>>
>> Btw, there should be some entries in your mail logs for these
>> unsuccessful attempts. Can you send us your sendmail.cf and
>> corresponding log entries?
>>
>> Regards,
>>
>> Ahmet Ozturk.
>>
>>
>> Quoting Nico De Ranter <nico at sonycom.com>
>>
>>>
>>> Hi
>>>
>>> I'm trying out ossec-hids on Debian (sid). I've got 1 server and 2
>>> agents configured. However in the ossec.log file on the server I see a
>>> lot of messages like:
>>>
>>> 2006/04/05 15:58:30 os_sendmail(1703): Hello not accepted by server:220
>>> xxxxxxx.xxxxx.xxx ESMTP Sendmail 8.12.10/8.12.10; Wed, 5 Apr 2006
>>> 15:58:30 +0200 (MEST)
>>> 2006/04/05 15:58:30 ossec-maild(1223): Error Sending email to
>>> xx.xx.xx.xx (smtp server)
>>>
>>> I don't understand why I get this message. I can send e-mail from the
>>> command-line using mailx without problems. I tried doing a telnet to
>>> port 25 on the mail server and doing 'helo myserver.mydomain.com' and
>>> that was accepted also. Why can't ossec send e-mail?
>>>
>>> Nico
>>>
>>> --
>>> Nico De Ranter
>>> Senior System Administrator
>>> Sony Service Center (NSCE)
>>> The Corporate Village, Da Vincilaan 7-D1
>>> B-1935 Zaventem, Belgium
>>> Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22
>>>
>>>
>>> _______________________________________________
>>> ossec-list mailing list
>>> ossec-list at ossec.net
>>> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>>>


OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.