OSSEC邮件通知发送失败

Question

OSSEC邮件通知发送失败

8

在尝试获取ossec功能中的邮件通知时出现了错误。我在这种情况下使用了我的Gmail帐户。我尝试了这个教程，但我无法收到来自该教程的任何电子邮件。我在/var/ossec/logs/ossec.log中找到了错误日志，其中警告为Mail not accepted by server。您可以查看下面的日志。

2017/10/06 20:05:18 os_sendmail(1764): WARN: Mail from not accepted by server
2017/10/06 20:05:18 ossec-maild(1223): ERROR: Error Sending email to 74.125.200$
2017/10/06 20:05:58 ossec-syscheckd: INFO: Starting syscheck scan (forwarding d$
2017/10/06 20:05:58 ossec-syscheckd: INFO: Starting syscheck database (pre-scan$
2017/10/06 20:05:58 ossec-syscheckd: INFO: Initializing real time file monitori$

以下是我在位于/var/ossec/etc/ossec.conf的ossec.conf配置文件中的电子邮件配置：

 <global>
    <email_notification>yes</email_notification>
    <email_to>myrealemailaccount@gmail.com</email_to>
    <smtp_server>smtp.gmail.com.</smtp_server>
    <email_from>ossecm@gantz-X450CC</email_from>
    <email_maxperhour>20</email_maxperhour>
    <email_from>myrealemailaccount@gmail.com</email_from>
  </global>

我已经将<smtp_server>填写为smtp.gmail.com，但仍然在我的ossec.log中看到错误消息。

我该如何解决？我正在Ubuntu Server: 16.04上安装此应用程序。

- Gagantous

1个回答

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Gagantous · Accepted Answer

我终于找到了解决方案。对于我的情况，我使用Postfix将我的gmail帐户连接到本地主机。如果您有自己的专用电子邮件服务器，例如在您的服务器上，则更好，而不是使用gmail。

Make sure you have update your linux.
```
apt-get update
```
Install postfix via terminal , if you cant install postfix, try changing your repositories location in /etc/sources.list and than update your linux in using apt-get update, untill you can run below command
```
sudo apt-get install postfix
```
or
```
sudo apt-get install mailutils
```
that will install Postfix as well as a few other programs needed for . After that you will get option, choose Internet Site
Configure the Postfix

Search main.cf at /etc/postfix/main.cf, edit the file using nano. Add this syntax at the end of file.
```
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
```
Edit sasl_passwd at /etc/postfix/sasl_passwd, edit the file and add below line to sasl_passwd file:
```
[smtp.gmail.com]:587    your_email_here:your_password here
```
You should put your email that you want to as a sender of ossec email notification on that `sasl_pawd. Not as a receiver.

Edit your /var/ossec/etc/ossec.conf, and change your SMTP to tour local ip like 127.0.0.1 or localhost

  <global>
   <email_notification>yes</email_notification>
   <email_to>your email that want to be send to</email_to>
   <smtp_server>localhost</smtp_server>
   <email_from>127.0.0.1</email_from> #if 127.0.0.1 didnt work ,try same email address which you put in your sasl passwd 
   <email_maxperhour>100</email_maxperhour>
  </global>

更新于2018年5月22日

如需进一步配置，请阅读此教程和这个。