Reputation: 1
Here is the configuration of my Wazuh manager:
<logall_json>no</logall_json>
<email_notification>yes</email_notification>
<smtp_server>smtp.gmail.com</smtp_server>
<email_from>[email protected]</email_from>
<email_to>[email protected]</email_to>
<email_maxperhour>12</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
<agents_disconnection_time>10m</agents_disconnection_time>
<agents_disconnection_alert_time>0</agents_disconnection_alert_time>
And this is the main.cf configuration:
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
So what should I do next to make it work?
Upvotes: 0
Views: 1730
Reputation: 1
I just solved a similar issue, see if this helps. In your ossec.conf change this <smtp_server>smtp.gmail.com</smtp_server> to <smtp_server>localhost</smtp_server>. When you set the SMTP server to localhost, you are instructing Wazuh to send its outbound emails to the local Postfix service running on the same server. This means Wazuh hands off the emails to Postfix, which then takes responsibility for delivering these emails to the final destination.
Upvotes: 0
Reputation: 432
When configuring Wazuh using an SMTP relay server with authentication as explained in the documentation the <smtp_server> setting should be localhost instead of the gmail smtp server.
Also be sure to use an app password instead of your gmail credentials.
As suggested by Nof, in order to verify that the relay is working correctly you may run:
echo "Test mail from postfix" | mail -s "Test Postfix" -r "[email protected]" [email protected]
If this doesn't work then please share any errors in the /var/log/maillog and if this works but you're still not seeing expected email alerts by Wazuh then share the output of:
grep mail /var/ossec/logs/ossec.log
Upvotes: 0
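The configuration checks discussed in the answers above, as an added example that is not part of the original thread: a POSIX shell script that reads ossec.conf and main.cf and reports when Wazuh is pointed at the external SMTP host instead of the local Postfix relay, or when the relay lacks SASL authentication or TLS. The function names (ossec_value, postfix_value, cr_flag, check_relay, demo) are made up for this example, smtp_tls_security_level is a Postfix setting that does not appear in the thread, and the sample input is constructed from the settings posted in the question.

```sh
#!/bin/sh
# Added example: check that Wazuh hands alerts to the local Postfix relay and
# that Postfix is set up to authenticate to the upstream host over TLS.
# Print the text of a single-line ossec.conf element such as <smtp_server>.
ossec_value() {    # usage: ossec_value TAG FILE
  sed -n "s:.*<$1>\(.*\)</$1>.*:\1:p" "$2" | head -n 1
}

# Print a main.cf "key = value" setting; Postfix uses the last definition.
postfix_value() {  # usage: postfix_value KEY FILE
  sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

cr_flag() { echo "$1"; cr_bad=1; }
# Print one line per problem; exit status 0 means nothing was flagged.
check_relay() {    # usage: check_relay OSSEC_CONF MAIN_CF
  cr_bad=0
  [ "$(ossec_value email_notification "$1")" = "yes" ] ||
    cr_flag "ossec.conf: email_notification is not yes"
  case "$(ossec_value smtp_server "$1")" in
    localhost|127.0.0.1) ;;
    *) cr_flag "ossec.conf: smtp_server is not localhost, so Postfix is bypassed" ;;
  esac
  [ -n "$(postfix_value relayhost "$2")" ] ||
    cr_flag "main.cf: relayhost is not set"
  [ "$(postfix_value smtp_sasl_auth_enable "$2")" = "yes" ] ||
    cr_flag "main.cf: smtp_sasl_auth_enable is not yes"
  [ -n "$(postfix_value smtp_sasl_password_maps "$2")" ] ||
    cr_flag "main.cf: smtp_sasl_password_maps is not set"
  case "$(postfix_value smtp_use_tls "$2"):$(postfix_value smtp_tls_security_level "$2")" in
    yes:*) ;;
    *:|*:none) cr_flag "main.cf: TLS towards the relay host is not enabled" ;;
  esac
  return "$cr_bad"
}

# Constructed sample: the settings posted in the question, written to temp files.
demo() {
  d=$(mktemp -d)
  printf '%s\n' '<email_notification>yes</email_notification>' \
    '<smtp_server>smtp.gmail.com</smtp_server>' > "$d/ossec.conf"
  printf '%s\n' 'relayhost = [smtp.gmail.com]:587' 'smtp_sasl_auth_enable = yes' \
    'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' \
    'smtp_use_tls = yes' > "$d/main.cf"
  check_relay "$d/ossec.conf" "$d/main.cf"; rc=$?
  rm -rf "$d"; return "$rc"
}

if [ "$#" -eq 2 ]; then check_relay "$1" "$2"; else demo || true; fi
```

Run it with the two file paths as arguments to check a real installation; with no arguments it checks the constructed sample and reports the smtp_server line.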
Reputation: 1
To configure alerts for a gmail account you can follow the following documentation.
I understand from your comment that you have followed the step by step of this instruction, could you then execute the following command to evaluate if the connection to the server is correct?
echo "Test mail from postfix" | mail -s "Test Postfix" -r "[email protected]" [email protected]
I await your comments, regards, Nicolás
Upvotes: 0