Yep, I can do that. And I see just about what I expect to see. Next I'll
see if tcpdump shows me anything useful.
[EMAIL PROTECTED] alerts]# telnet <mail server IP> 25
Trying <IP>...
Connected to mail.<mumble>.com
Escape character is '^]'.
220 mail.<...>.com ESMTP Sendmail 8.12.11/8.12.10; Thu, 14 Sep 2006 12:58:06 -0700 (PDT)
helo www4
250 mail.<...>.com Hello IDENT:[EMAIL PROTECTED]<...>.com [216.177.75.71], pleased to meet you
mail from: [EMAIL PROTECTED]
250 2.1.0 [EMAIL PROTECTED] Sender ok
rcpt to: [EMAIL PROTECTED]
250 2.1.5 [EMAIL PROTECTED] Recipient ok
quit
221 2.0.0 mail.trinetsolutions.com closing connection
Connection closed by foreign host.
Daniel Cid wrote:
Hi Dan,
"merror" is just a function to print out messages at
/var/ossec/logs/ossec.log.
So by enabling MAIL_DEBUG you will get whatever extra information in
the ossec.log file. From your logs, it looks like sendmail is not
accepting the "helo msg" and ossec is dropping the connection (so no
more debug messages).
Can you try manually to send the e-mail to the IP configured at
ossec.conf? Something like:
nc (or telnet) x.y.z.a 25
Helo notify.ossec.net
Mail from: <[EMAIL PROTECTED]>
..
You can also run tcpdump (tcpdump -A -s 0 being some useful flags) to
watch all the traffic and messages...
Hope it helps,
--
Daniel B. Cid
dcid ( at ) ossec.net
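
The manual HELO / MAIL FROM / RCPT TO check discussed in this thread, scripted so it reports which stage the mail server refuses. This is an added example, not part of the original messages and not OSSEC code; the function names and the example.org addresses are hypothetical placeholders. It quits before DATA, so no mail is sent.

```python
import socket
import sys

def read_reply(f):
    """Read one SMTP reply, following "250-" continuation lines."""
    parts = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        parts.append(line[4:])
        if line[3:4] != "-":          # "250 text" (or bare "250") ends the reply
            return int(line[:3]), " ".join(parts).strip()

def probe(sock, helo_name, sender, recipient):
    """Step through banner, HELO, MAIL FROM, RCPT TO on a connected socket.
    Returns [(stage, code, text), ...] and stops at the first non-2xx reply."""
    f = sock.makefile("rwb")
    steps = [("banner", None),
             ("helo", f"HELO {helo_name}"),
             ("mail from", f"MAIL FROM:<{sender}>"),
             ("rcpt to", f"RCPT TO:<{recipient}>")]
    results = []
    for stage, cmd in steps:
        if cmd:
            f.write(cmd.encode("ascii") + b"\r\n")
            f.flush()
        code, text = read_reply(f)
        results.append((stage, code, text))
        if not 200 <= code < 300:
            break
    try:
        f.write(b"QUIT\r\n")
        f.flush()
    except OSError:
        pass                          # server already dropped the connection
    return results

def refused_stage(results):
    """Name of the stage the server refused, or None if all were accepted."""
    stage, code, _ = results[-1]
    return None if 200 <= code < 300 else stage

if __name__ == "__main__":
    # Usage: python smtp_probe.py <mail server IP from ossec.conf>
    # Sender/recipient are constructed placeholders; use your own addresses.
    with socket.create_connection((sys.argv[1], 25), timeout=10) as s:
        res = probe(s, "notify.ossec.net", "ossec@example.org", "admin@example.org")
    for stage, code, text in res:
        print(f"{stage:10} {code} {text}")
    print("refused at:", refused_stage(res))
```

Run it from the OSSEC server itself so the connection comes from the same source address the mail daemon would see.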