Daniel Cid wrote:
>
> Hi Michael,
>
> When you tried to send the e-mail using telnet, did you do it from the same
> host that the ossec server is installed on? From your logs, it looks like
> your e-mail server is not accepting e-mails from this host.
> Can you check the following:
>
> -Run tcpdump (-A -s 0 tcp port 25) on the ossec server to see exactly what
> the mail server is returning.

Thanks for the response. Well, I have good news and bad news. The good news is that e-mail alerts are now working. The bad news is that there appears to be a bug in OSSEC. TCPDump revealed that OSSEC was sending the helo command before the full SMTP banner was received (and this is on a LAN). When I shortened the banner, everything worked OK.
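
The check a client needs before sending HELO, as an added example that is not part of the original message and is not OSSEC's code: it decides whether the bytes read so far contain the server's complete greeting. It goes beyond the case reported above by also handling RFC 5321 multi-line replies; the function name and the sample greeting are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { SMTP_MALFORMED = -1, SMTP_INCOMPLETE = 0, SMTP_COMPLETE = 1 };

/* Inspect buf[0..len), the bytes read so far, for one complete SMTP reply
 * (RFC 5321 4.2.1): continuation lines are "220-text", the final line is
 * "220 text". On SMTP_COMPLETE, sets *code and *used (bytes consumed). */
int smtp_reply_check(const char *buf, size_t len, int *code, size_t *used)
{
    size_t pos = 0;
    int first = -1;

    while (pos < len) {
        const char *line = buf + pos;
        const char *nl = memchr(line, '\n', len - pos);
        if (nl == NULL)
            return SMTP_INCOMPLETE;          /* rest of the line is still in flight */
        size_t linelen = (size_t)(nl - line);
        if (linelen > 0 && line[linelen - 1] == '\r')
            linelen--;                       /* strip the CR of the CRLF */
        if (linelen < 3 || !isdigit((unsigned char)line[0]) ||
            !isdigit((unsigned char)line[1]) || !isdigit((unsigned char)line[2]))
            return SMTP_MALFORMED;
        int c = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
        if (first >= 0 && c != first)
            return SMTP_MALFORMED;           /* code must match on every line */
        first = c;
        pos = (size_t)(nl - buf) + 1;
        if (linelen == 3 || line[3] == ' ') { /* final line of the reply */
            *code = c;
            *used = pos;
            return SMTP_COMPLETE;
        }
        if (line[3] != '-')
            return SMTP_MALFORMED;
    }
    return SMTP_INCOMPLETE;                  /* only continuation lines so far */
}

int main(void)
{
    /* Constructed greeting, cut off mid-line as a short read would leave it. */
    const char *partial = "220-mail.example.test ESMTP\r\n220 Rea";
    int code = 0;
    size_t used = 0;
    printf("%d\n", smtp_reply_check(partial, strlen(partial), &code, &used));
    return 0;
}
```

A client would append each read from the socket to its buffer and send HELO only once the function returns SMTP_COMPLETE, treating SMTP_INCOMPLETE as "read again".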