I am testing OSSEC HIDS in a Virtual machine on Ubuntu 18.04 server. First of all I installed and configured ssmtp as follows:
root=my...@gmail.com
mailhub=smtp.gmail.com:587
rewriteDomain=gmail.com
hostname=localhost
TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
UseTLS=Yes
UseSTARTTLS=Yes
AuthUser=my...@gmail.com
AuthPass=password
AuthMethod=LOGIN
FromLineOverride=yes

Emails from the command line are sent and received; however, there are some issues with OSSEC email alerts. Below is part of /var/ossec/etc/ossec.conf:

<global>
  <email_notification>yes</email_notification>
  <email_to>my...@gmail.com</email_to>
  <smtp_server>127.0.0.1</smtp_server>
  <email_from>ossecm@myserver</email_from>
  <email_maxperhour>1</email_maxperhour>
</global>

According to OSSEC's documentation the software should send an email at startup and when it stops. I received an email after the first startup, in the spam folder, probably because the email_from directive was set to an invalid email address. That email contained two notifications, one about "Partition usage reached 100% (disk space monitor)." and the other about the OSSEC start. So I told Gmail that it was not spam, changed the email_from directive to my...@gmail.com, stopped OSSEC and restarted it. Unfortunately that was the only alert I received. After that I stopped and started OSSEC several times without receiving any email alert.

I do not understand why this happens: am I blackholed by Gmail? As I said, emails from the command line are received without issues. Would OSSEC receive the same treatment on a production server with a valid domain?
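As an added example (not the poster's code and not part of OSSEC), the script below reads the email settings out of the <global> block of an ossec.conf and lists the things worth checking before suspecting the mail provider: whether notification is enabled, whether the email_from domain is fully qualified, whether email_maxperhour caps delivery, and whether anything actually accepts a TCP connection on the configured smtp_server port. The sample configuration is constructed from the block quoted above with a placeholder address in place of the elided Gmail one; the threshold of 12 for email_maxperhour is the documented OSSEC default.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample, not the poster's actual file: the <global> block from the
# post with the elided Gmail address replaced by a placeholder.
SAMPLE_CONF = """
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <email_to>alerts@example.com</email_to>
    <smtp_server>127.0.0.1</smtp_server>
    <email_from>ossecm@myserver</email_from>
    <email_maxperhour>1</email_maxperhour>
  </global>
</ossec_config>
"""

EMAIL_KEYS = ("email_notification", "email_to", "smtp_server",
              "email_from", "email_maxperhour")
DEFAULT_MAX_PER_HOUR = 12  # documented OSSEC default for email_maxperhour


def parse_email_settings(conf_text):
    """Collect the email-related <global> settings from an ossec.conf body.

    ossec.conf may hold several <ossec_config> blocks, so the text is wrapped in
    a synthetic root before parsing. A later <global> block overrides an earlier one.
    """
    root = ET.fromstring("<root>" + conf_text + "</root>")
    settings = {}
    for block in root.iter("global"):
        for key in EMAIL_KEYS:
            node = block.find(key)
            if node is not None and node.text is not None:
                settings[key] = node.text.strip()
    return settings


def check_email_settings(settings):
    """Return human-readable findings about why alert mail may not arrive."""
    findings = []
    if settings.get("email_notification", "no").lower() != "yes":
        findings.append("email_notification is not 'yes': no alert mail will be sent")
    for key in ("email_to", "smtp_server", "email_from"):
        if not settings.get(key):
            findings.append(f"{key} is missing")
    sender = settings.get("email_from", "")
    domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""
    if sender and "." not in domain:
        findings.append(
            f"email_from domain '{domain}' is not fully qualified; "
            "receiving providers commonly score such senders as spam")
    raw = settings.get("email_maxperhour")
    if raw is not None:
        try:
            per_hour = int(raw)
        except ValueError:
            per_hour = None
        if per_hour is None or not 1 <= per_hour <= 9999:
            findings.append(f"email_maxperhour '{raw}' is outside the allowed range 1-9999")
        elif per_hour < DEFAULT_MAX_PER_HOUR:
            findings.append(
                f"email_maxperhour is {per_hour}: at most {per_hour} alert email(s) per "
                "hour; further alerts in that hour are not sent as separate messages")
    return findings


def smtp_reachable(host, port=25, timeout=2.0):
    """True if something accepts a TCP connection on the configured SMTP port.

    OSSEC opens its own SMTP connection to smtp_server. ssmtp is a sendmail
    replacement that does not listen on a port, so a refused connection here
    means the alert mail has no local relay to go to.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    cfg = parse_email_settings(SAMPLE_CONF)
    for line in check_email_settings(cfg):
        print("-", line)
    print("smtp_server reachable:", smtp_reachable(cfg["smtp_server"]))
```

Run it against the real file with `parse_email_settings(open("/var/ossec/etc/ossec.conf").read())`; the reachability check is the quickest way to tell a host that runs a real MTA on 127.0.0.1:25 from one that only has the ssmtp sendmail shim.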