Ossec email
I'm trying to set up email alerts with OSSEC (v3.7.0). I have a new linode running Ubuntu 22.04. The guide here says I should have something like the following in my ossec.conf:
<global>
<email_notification>yes</email_notification>
<email_to>loginName@example.com</email_to>
<smtp_server>mail.example.com.</smtp_server>
<email_from>ossecm@hostname</email_from>
</global>
But I get no email alerts and there are no mail related errors in the ossec log file.
In any case, I don't see how this would work with anything other than an open relay. I'm sure I'm missing something, but I can't find any instructions for authenticating SMTP connections via OSSEC.
I think there also may be a wider problem. Using my regular email provider, telnet -z ssl mx.****.com 465 resolves the address, but just times out. (Telnet works on my local machine and there I can authenticate and send mail.)
I have ufw running with the default config. Disabling it makes no difference.
Thanks in advance for any ideas of what I should check/do.
✓ Best Answer
This post titled I just created my first Linode and I can’t send emails. Why? (Mailing ports 25, 465, and 587 blocked by default) explains that email ports are restricted on Linode accounts by default. The time out of your telnet command leads me to believe the email port restrictions are probably causing your issue here.
Another way you can check this is by running nmap on your SMTP ports with this command:
nmap -Pn -p 25,465,587 --reason <your.ip.address>
If you're unfamiliar with nmap, you can find instructions on how to use the command in this post titled How do I understand the results of an nmap scan?.
My suggestion is to reach out to the Support Team in a Ticket to provide some information on your use case and request the restrictions be lifted.
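The answer's nmap check can be reproduced without nmap by a plain TCP connect probe that sorts each SMTP port into the same three buckets nmap's --reason reports: open (handshake completed), closed (the host answered with a reset, so nothing is silently dropping traffic) and filtered (no answer before the timeout, which is what the asker's telnet showed and what a provider-side or firewall block looks like). The script below is an added example and not part of the thread or of OSSEC; the host name on the command line is whatever SMTP server you intend OSSEC to relay through, and the 127.0.0.1 listener in demo() is a constructed fixture so the open and closed paths can be exercised offline. Running it from the Linode and again from the local machine that can send mail, as the asker did with telnet, separates a block on the Linode's side from a problem at the mail provider.

```python
import socket
import sys

# The three mailing ports the thread says Linode restricts by default.
SMTP_PORTS = (25, 465, 587)


def probe_port(host, port, timeout=3.0):
    """TCP connect probe for one port.

    Returns 'open' if the handshake completes, 'closed' if the peer answers
    with a reset (ConnectionRefusedError), 'filtered' if nothing comes back
    before the timeout, and 'unreachable' for DNS or routing failures.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        # gaierror (DNS) and ENETUNREACH-style errors land here.
        return "unreachable"


def probe_smtp(host, ports=SMTP_PORTS, timeout=3.0):
    """Probe every SMTP port and return {port: state}."""
    return {port: probe_port(host, port, timeout) for port in ports}


def diagnose(results):
    """Turn the per-port states into the conclusion a triage would draw."""
    states = set(results.values())
    if states == {"filtered"}:
        return "all SMTP ports filtered: provider or firewall block likely"
    if "open" in states:
        return "at least one SMTP port reachable: look at OSSEC config or credentials instead"
    if "unreachable" in states:
        return "name resolution or routing failed before any port was tested"
    return "ports answer but refuse: no listener on the target, not a silent block"


def demo():
    """Constructed offline fixture: a throwaway listener on 127.0.0.1.

    While the socket is listening, the probe sees 'open'; once it is closed,
    the kernel answers with a reset and the same port reads 'closed'.
    Returns the pair of observed states.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    try:
        state_while_listening = probe_port("127.0.0.1", port)
    finally:
        srv.close()
    state_after_close = probe_port("127.0.0.1", port)
    return state_while_listening, state_after_close


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(f"usage: {sys.argv[0]} <smtp-host>")
        sys.exit(2)
    observed = probe_smtp(sys.argv[1])
    for p, state in observed.items():
        print(f"{p:>4}/tcp  {state}")
    print(diagnose(observed))
```

A 'filtered' result for all three ports from the Linode, with 'open' for the same host from the local machine, is the pattern that points at the Linode-side restriction the answer describes rather than at ossec.conf.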
Thanks for your help - that makes a lot more sense now. And nmap confirms that there's some kind of block.
I would have wasted a lot less time if linode had better documented this blocking policy. It is rather relevant for anybody not already familiar with the policy and trying to set up some kind of email alert for server monitoring.
Anyway, I have a lead now, so will chase up.