SMTP server with authentication

If your SMTP server uses authentication (like Gmail, for instance), a server relay will need to be configured as Wazuh does not support this. Postfix can be configured to provide this capability. The following guide describes the minimal configuration needed to use Postfix to send emails:

  1. Install the needed packages:

    Ubuntu

    # apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules
    

    CentOS

    # yum update && yum install postfix mailx cyrus-sasl cyrus-sasl-plain
    
  2. Configure Postfix in the /etc/postfix/main.cf file adding these lines to the end of the file:

    Ubuntu

    relayhost = [smtp.gmail.com]:587
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous
    smtp_tls_CAfile = /etc/ssl/certs/thawte_Primary_Root_CA.pem
    smtp_use_tls = yes
    

    CentOS

    relayhost = [smtp.gmail.com]:587
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous
    smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
    smtp_use_tls = yes
    
  3. Configure the email address and password:

    # echo [smtp.gmail.com]:587 USERNAME@gmail.com:PASSWORD > /etc/postfix/sasl_passwd
    # postmap /etc/postfix/sasl_passwd
    # chmod 400 /etc/postfix/sasl_passwd
    
  4. Secure the DB password:

    # chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
    # chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
    
  5. Restart Postfix:

    # systemctl reload postfix
    
  6. Test the configuration with:

    # echo "Test mail from postfix" | mail -s "Test Postfix" -r "you@example.com" you@example.com
    

    You should receive an email at you@example.com.

  7. Configure Wazuh in the /var/ossec/etc/ossec.conf as follows:

    <global>
      <email_notification>yes</email_notification>
      <smtp_server>localhost</smtp_server>
      <email_from>USERNAME@gmail.com</email_from>
      <email_to>you@example.com</email_to>
    </global>