[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ossec-list] ossec can't send e-mail

Subject: [Ossec-list] ossec can't send e-mail
From: nico at sonycom.com (Nico De Ranter)
Date: Thu, 06 Apr 2006 09:15:45 +0200

Hi Ahmet,

thanks for your reply.

The firewall problem was indeed the issue (kind of). In my case the
mailserver is behind a virusscanner which effictively adds an extra
'220' line to the conversation.  Daniel was already so kind to provide
me with a patch (will test it later today).

Nico


On Wed, 2006-04-05 at 22:32 +0300, Ahmet Ozturk wrote:
> Hi Nico,
> 
> Your SMTP server probably performs helo check I think. Ossec-HIDS sends
> "notify.ossec.net" to helo SMTP server, and if SMTP server checks the 
> hostname given by helo command, it will notice that the machine trying 
> to send e-mail is not actually the "notify.ossec.net", and it rejects 
> the client for bogus helo. I've read something about "bogus_helo" 
> checks on debian by searching google.
> 
> Also some people mentioned that this problem occured in an environment 
> that sendmail is behind a firewall. Does this fit your case?
> 
> Btw, there should be some entries in you mail logs for these 
> unsuccessful attempts. Can you send us your sendmail.cg and 
> corresponding log entries?
> 
> Regards,
> 
> Ahmet Ozturk.
> 
> 
> Alinti Nico De Ranter <nico at sonycom.com>
> 
> >
> > Hi
> >
> > I'm trying out ossec-hids on Debian (sid). I've got 1 server and 2
> > agents configured. However in the ossec.log file on the server I see a
> > lot of messages like:
> >
> > 2006/04/05 15:58:30 os_sendmail(1703): Hello not accepted by server:220
> > xxxxxxx.xxxxx.xxx ESMTP Sendmail 8.12.10/8.12.10; Wed, 5 Apr 2006
> > 15:58:30 +0200 (MEST)
> > 2006/04/05 15:58:30 ossec-maild(1223): Error Sending email to
> > xx.xx.xx.xx (smtp server)
> >
> > I don't understand why I get this message. I can send e-mail from the
> > command-line using mailx without problems. I tried doing a telnet to
> > port 25 on the mail server and doing 'helo myserver.mydomain.com' and
> > that was accepted also. Why can't ossec send e-mail?
> >
> > Nico
> >
> > --
> > Nico De Ranter
> > Senior System Administrator
> > Sony Service Center (NSCE)
> > The Corporate Village, Da Vincilaan 7-D1
> > B-1935 Zaventem, Belgium
> > Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22
> >
> >
> > _______________________________________________
> > ossec-list mailing list
> > ossec-list at ossec.net
> > http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
> >
> 
> 
> _______________________________________________
> ossec-list mailing list
> ossec-list at ossec.net
> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
-- 
Nico De Ranter
Senior System Administrator
Sony Service Center (NSCE)
The Corporate Village, Da Vincilaan 7-D1
B-1935 Zaventem, Belgium
Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22

References:
- [Ossec-list] ossec can't send e-mail
  - From: Nico De Ranter
- [Ossec-list] ossec can't send e-mail
  - From: Ahmet Ozturk

Prev by Date: [Ossec-list] ossec-hids-0.7p1 questions
Next by Date: [Ossec-list] Multiple messages refused based on timestamp only
Previous by thread: [Ossec-list] ossec can't send e-mail
Next by thread: [Ossec-list] ossec-hids-0.7p1 questions
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.