Configuring OSSEC to send alerts through Tencent Enterprise Mail
Test environment:
CentOS Linux release 7.6.1810
ossec 3.6.10
1. Install postfix and related services on the Wazuh server
yum install -y postfix mailx cyrus-sasl cyrus-sasl-plain
2. Edit the postfix configuration file
# vi /etc/postfix/main.cf
command_directory = /usr/sbin
data_directory = /var/lib/postfix
mail_owner = postfix
home_mailbox = /home/ossec/mail
myhostname = qiyeyou.com
mydomain = qiyeyou.com
myorigin = $mydomain
mydestination = $mydomain
# SSL port 587 is used here; port 465 did not work in testing
relayhost = [smtp.exmail.qq.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_use_tls = yes
smtp_sender_dependent_authentication = yes
smtp_generic_maps = hash:/etc/postfix/generic
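3. Create the sasl_passwd file
# vi /etc/postfix/sasl_passwd
[smtp.exmail.qq.com]:587 example@qiyeyou.com:mypassword
4. Create the generic file, which rewrites every system sender address to example@qiyeyou.com
# vi /etc/postfix/generic
@hostname example@qiyeyou.com
root@xxxx example@qiyeyou.com
(The root@xxxx entry is the stroke of genius.)
Here is a small trick: if you do not know what the hostname is, send a test mail first. Mail sent as root uses the hostname at that point, so check the from value in tail -f /var/log/maillog to find out what @hostname is.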
5. Build the hash databases with postmap
# postmap /etc/postfix/generic
# postmap /etc/postfix/sasl_passwd
6. Set file ownership and permissions
# chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
# chown root:root /etc/postfix/generic /etc/postfix/generic.db
# chmod 400 /etc/postfix/sasl_passwd
# chmod 400 /etc/postfix/generic
# chmod 0600 /etc/postfix/sasl_passwd.db
# chmod 0600 /etc/postfix/generic.db
8. Restart postfix
# systemctl reload postfix
9. Test the postfix configuration
echo 'This is a test mail' | mail -s 'This is a test mail' xxxxx@163.com
10. Edit the /var/ossec/ossec.conf file
# vi /var/ossec/ossec.conf
<global>
<email_notification>yes</email_notification>
<smtp_server>localhost</smtp_server>
<email_from>example@qiyeyou.com</email_from>
<email_to>test@test.com</email_to>
</global>
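A check for the relay setup in steps 2 to 6, as an added example that is not part of the original note: smtp_use_tls = yes only requests opportunistic TLS, so the script reports when smtp_tls_security_level does not enforce encryption before the mailbox password is sent, and it also flags a '#' after a value in main.cf (Postfix treats it as part of the value), loose permissions on the credential map, and a .db file older than its source. The function name audit_relay, the finding labels and the scratch-directory sample are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: audit a Postfix relay setup like the one in steps 2-6.
# audit_relay MAIN_CF SASL_PASSWD prints one finding per line and
# returns non-zero when there is at least one finding.
audit_relay() {
  local cf=$1 pw=$2 rc=0 lvl f bits
  # Last assignment wins, as in Postfix; continuation lines are not handled.
  lvl=$(sed -n 's/^smtp_tls_security_level[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$cf" | tail -n 1)
  case $lvl in
    encrypt|dane-only|fingerprint|verify|secure) ;;
    *) echo "TLS_NOT_ENFORCED: smtp_tls_security_level=${lvl:-unset}"; rc=1 ;;
  esac
  # main.cf has no trailing comments: '#' after a value is part of the value.
  if grep -Eq '^[A-Za-z_0-9]+[[:space:]]*=.*[[:space:]]#' "$cf"; then
    echo "INLINE_COMMENT: '#' after a value in $cf"; rc=1
  fi
  for f in "$pw" "$pw.db"; do
    [ -e "$f" ] || { echo "MISSING: $f"; rc=1; continue; }
    bits=$(ls -ld "$f" | cut -c5-10)   # group and other permission bits
    [ "$bits" = "------" ] || { echo "LOOSE_PERMS: $f ($bits)"; rc=1; }
  done
  # postmap must be re-run after every edit of the plaintext map.
  if [ -e "$pw.db" ] && [ "$pw" -nt "$pw.db" ]; then
    echo "STALE_DB: $pw is newer than $pw.db"; rc=1
  fi
  return $rc
}

# Constructed sample in a scratch directory; the password is a placeholder
# and the .db file is a stand-in for real postmap output.
demo=$(mktemp -d)
printf '%s\n' 'relayhost = [smtp.exmail.qq.com]:587 #port note' \
  'smtp_use_tls = yes' > "$demo/main.cf"
printf '%s\n' '[smtp.exmail.qq.com]:587 example@qiyeyou.com:PLACEHOLDER' \
  > "$demo/sasl_passwd"
cp "$demo/sasl_passwd" "$demo/sasl_passwd.db"
chmod 644 "$demo/sasl_passwd"; chmod 600 "$demo/sasl_passwd.db"
audit_relay "$demo/main.cf" "$demo/sasl_passwd" || true
rm -rf "$demo"
```

On a real host the call would be audit_relay /etc/postfix/main.cf /etc/postfix/sasl_passwd, run as root.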
I happened to run into a problem where mail could not be sent, so I wrote this note!
Reposted from: https://www.jianshu.com/p/fd92e2226d31
Reference: https://documentation.wazuh.com/3.13/user-manual/manager/manual-email-report/smtp_authentication.html