ossec-maild Issue with V2.9.0

[JohnMelody]

After a yum upgrade from 2.8.3 to 2.9.0 on Centos 6 - the email alerts do not work

The mail configuration uses "localhost" as the smtp server (postfix) and it was working perfectly prior to the upgrade, I get the following error:

2017/05/12 16:29:42 ossec-maild(1223): ERROR: Error Sending email to localhost (smtp server)

The problem seems to be in the ossec-maild executable. I replaced the V2.9.0 with the old V2.8.3 executable and everything works as before. So I have a V2.9.0 installation with the maild at V2.8.3

Has anyone else had a problem with this? Is there further configuration required for maild on V2.9.0 or is there something else we need to configure on the smtp server?

John.

[aquerubin]

On Fri, 12 May 2017, JohnMelody wrote: After a yum upgrade from 2.8.3 to 2.9.0 on Centos 6 - the email alerts do not work The mail configuration uses "localhost" as the smtp server (postfix) and it was working perfectly prior to the upgrade, I get the following error: 2017/05/12 16:29:42 ossec-maild(1223): ERROR: Error Sending email to localhost (smtp server) The problem seems to be in the ossec-maild executable. I replaced the V2.9.0 with the old V2.8.3 executable and everything works as before. So I have a V2.9.0 installation with the maild at V2.8.3 Has anyone else had a problem with this? Is there further configuration required for maild on V2.9.0 or is there something else we need to configure on the smtp server?

Does localhost exist in /etc/hosts or /var/ossec/etc/hosts? Otherwise, try changing localhost to ::1 or 127.0.0.1 in ossec.conf Antonio Querubin e-mail: tony@lavanauts.org xmpp: antonioquerubin@gmail.com

[ghtux]

Same problem here. localhost exists in /etc/hosts and postfix can send mails.
ERROR: Error Sending email to 127.0.0.1 (smtp server)
Tried localhost too

[schneider3005]

Same problem here. Seems that sender and recipient address from config is not considered any more.
ossec tries to send to no-reply@example.com:
to=no-reply@example.com, relay=none, delay=80340, delays=80280/0.02/60/0, dsn=4.4.1, status=deferred (connect to example.com[2606:2800:220:1:248:1893:25c8:1946]:25: Connection timed out). Issue also exists in version 2.9.1

[jknockaert]

After upgrading to 2.9.1 it couldn't send email to localhost. After changing
<smtp_server>localhost</smtp_server>
to
<smtp_server>127.0.0.1</smtp_server>
it worked again.

[sterndata]

I tried added "127.0.0.1 localhost" to /var/ossec/etc/hosts but that didn't work. jknockaert's advice worked for me. (Thanks!)

[ghtux]

After updating to 2.9.2 with "127.0.0.1" mail alerts are working fine.

[jmeile]

Thanks Antonio, changing "localhost" by "127.0.0.1" fixed the problem. I also rechecked and localhost is defined in my /etc/hosts file as:
127.0.0.1 my_host.my_domain.com localhost
::1 localhost ip6-localhost ip6-loopback

So, I don't really now why ossec doesn't accept "localhost". Anyway, it is fixed with: "127.0.0.1"

By the way: I don't have the file: "/var/ossec/etc/hosts". I only have: "/etc/hosts"

Best regards
Josef

[ddpbsd]

Did you copy the changes into /var/ossec/etc/hosts? maild runs chrooted to /var/ossec

[jmeile]

Dear Dan

Ok, that make sense. I copied the host file into /var/ossec/etc/hosts and now it works.

Thanks
Josef

[AlexMRuch]

Updating to <smtp_server>127.0.0.1</smtp_server> also worked for me! Thanks so much!

[Jamalc0m]

After a yum upgrade from 2.8.3 to 2.9.0 on Centos 6 - the email alerts do not work

The mail configuration uses "localhost" as the smtp server (postfix) and it was working perfectly prior to the upgrade, I get the following error:

2017/05/12 16:29:42 ossec-maild(1223): ERROR: Error Sending email to localhost (smtp server)

The problem seems to be in the ossec-maild executable. I replaced the V2.9.0 with the old V2.8.3 executable and everything works as before. So I have a V2.9.0 installation with the maild at V2.8.3

Has anyone else had a problem with this? Is there further configuration required for maild on V2.9.0 or is there something else we need to configure on the smtp server?

John.

which file you have replaced ??? @JohnMelody

[ddpbsd]

@Jamalc0m Probably ossec-maild, but copying /etc/resolv.conf to /var/ossec/etc might also help.

[aquerubin]

Another way to address this problem without having to copy /etc/hosts to /var/ossec/etc is to add a period after 'localhost' in ossec.conf.

<smtp_server>localhost.</smtp_server>