Warning: This is the documentation for Wazuh 3.0. Check out the docs for the latest version of Wazuh!
SMTP server with authentication
If your SMTP server requires authentication (like Gmail), you need to configure a relay server, because Wazuh does not support SMTP authentication by default. This guide uses Postfix for that purpose. The following steps describe the minimal Postfix configuration needed for Wazuh to send emails through an SMTP server with authentication:
Install the needed packages:
Ubuntu
# apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules
CentOS
# yum update && yum install postfix mailx cyrus-sasl cyrus-sasl-plain
Edit the Postfix configuration file /etc/postfix/main.cf and add these lines to the end of the file:
Ubuntu
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/thawte_Primary_Root_CA.pem
smtp_use_tls = yes
CentOS
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_use_tls = yes
Configure email address and password:
# echo [smtp.gmail.com]:587 USERNAME@gmail.com:PASSWORD > /etc/postfix/sasl_passwd
# postmap /etc/postfix/sasl_passwd
# chmod 400 /etc/postfix/sasl_passwd
Secure the password file and its database:
# chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
# chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
Reload Postfix
# systemctl reload postfix
Test your configuration with:
# echo "Test mail from postfix" | mail -s "Test Postfix" you@example.com
You should receive an email at you@example.com.
Configure Wazuh in /var/ossec/etc/ossec.conf:
<global>
  <email_notification>yes</email_notification>
  <smtp_server>localhost</smtp_server>
  <email_from>USERNAME@gmail.com</email_from>
  <email_to>you@example.com</email_to>
</global>
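To check the Postfix relay settings and the credential file permissions from the steps above, the following script can be run as root against /etc/postfix/main.cf. It is an added example, not part of the Wazuh documentation; conf_get and audit_relay are hypothetical helper names, and GNU stat (as shipped on Ubuntu and CentOS) is assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the Wazuh docs): audit the relay settings from this
# guide. conf_get and audit_relay are hypothetical helper names.
# main.cf is parsed directly; continuation lines are not joined.

# Print the effective value of a main.cf parameter (last definition wins).
conf_get() {  # usage: conf_get FILE NAME
  awk -v key="$2" '
    /^[ \t#]/ || !index($0, "=") { next }   # skip comments and continuations
    {
      i = index($0, "=")
      name = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (name == key) found = val
    }
    END { print found }' "$1"
}

# Report each failed check; return 0 only when all of them pass.
audit_relay() {  # usage: audit_relay MAIN_CF
  local cf="$1" fails=0 want key val relay map pw f mode
  for want in smtp_sasl_auth_enable=yes smtp_use_tls=yes \
              smtp_sasl_security_options=noanonymous; do
    key=${want%%=*}; val=$(conf_get "$cf" "$key")
    [ "$val" = "${want#*=}" ] || { echo "FAIL $key = '$val'"; fails=$((fails + 1)); }
  done
  relay=$(conf_get "$cf" relayhost)
  map=$(conf_get "$cf" smtp_sasl_password_maps)
  pw=${map#hash:}
  # The lookup key in sasl_passwd has to be the relayhost value, verbatim.
  if [ -z "$relay" ] || ! awk -v k="$relay" '$1 == k { ok = 1 } END { exit !ok }' "$pw" 2>/dev/null; then
    echo "FAIL no sasl_passwd entry for relayhost '$relay'"; fails=$((fails + 1))
  fi
  # Neither the plaintext file nor the postmap DB may be group/other accessible.
  for f in "$pw" "$pw.db"; do
    mode=$(stat -c '%a' "$f" 2>/dev/null) || mode=missing
    case $mode in
      *00|0) ;;
      *) echo "FAIL $f mode is $mode"; fails=$((fails + 1)) ;;
    esac
  done
  return "$fails"
}
```

Call it as `audit_relay /etc/postfix/main.cf`; the return status is the number of failed checks, and the password itself is never printed.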