wazuh-docker icon indicating copy to clipboard operation
wazuh-docker copied to clipboard

Published 20 hours ago verified publisher icon wazuh

4.3.1 wazuh maild error

Open smallwolf99 opened this issue 2 years ago • 5 comments

| 4.3.1 | Wazuh maild | Manager/Agent | Docker | CentOS 7.9 64bit |

I fellow this docs: https://documentation.wazuh.com/current/user-manual/manager/manual-email-report/smtp-authentication.html https://wazuh.com/blog/how-to-send-email-notifications-with-wazuh/

I test email success on host, but docker container failed, log as bellow:

docker exec -it 8b8f bash root@wazuh:/# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"

2022/07/28 00:21:37 wazuh-maild: ERROR: date or location not NULL or p is NULL 2022/07/28 01:00:04 wazuh-maild: ERROR: (1223): Error Sending email to 127.0.0.1 (smtp server) 2022/07/28 01:22:38 wazuh-maild: ERROR: date or location not NULL or p is NULL 2022/07/28 01:28:19 wazuh-maild: ERROR: date or location not NULL or p is NULL 2022/07/28 01:28:24 wazuh-maild: ERROR: date or location not NULL or p is NULL 2022/07/28 01:45:26 wazuh-maild: ERROR: date or location not NULL 2022/07/28 01:46:36 wazuh-maild: ERROR: date or location not NULL or p is NULL 2022/07/28 01:59:08 wazuh-maild: ERROR: date or location not NULL or p is NULL 2022/07/28 01:59:33 wazuh-maild: ERROR: date or location not NULL or p is NULL 2022/07/28 01:59:38 wazuh-maild: ERROR: date or location not NULL or p is NULL 2022/07/28 02:00:03 wazuh-maild: ERROR: (1223): Error Sending email to 127.0.0.1 (smtp server)

configure file:

docker exec -it 8b8f bash cat /var/ossec/etc/ossec.conf

yes yes no no yes localhost [email protected] [email protected] 120 alerts.log 5m 0 ![2(1)](https://user-images.githubusercontent.com/5292224/181430076-c21fc652-3dd5-4a86-8190-75fb71462730.jpg) ![1_20220728124021](https://user-images.githubusercontent.com/5292224/181430083-cea51834-70d1-4f03-b5b0-34f9f554c568.jpg)

smallwolf99 avatar Jul 28 '22 05:07 smallwolf99

this is my configure: 3_20220728134935 I test email success on host 2(1)(1) 4_20220728135416

smallwolf99 avatar Jul 28 '22 05:07 smallwolf99

Hi @smallwolf99. Where did you configure postfix? Was it on the docker container or the host? If you installed postfix on the host you should use the host IP address instead of localhost for the smtp_server property.

teddytpc1 avatar Aug 09 '22 14:08 teddytpc1

Hi @teddytpc1 Thanks for your reply! I configure postfix on host, when i use th host IP instead of localhost for smtp_server, the "Error message" as bellow:

2022/08/11 01:00:02 wazuh-maild: ERROR: (1223): Error Sending email to 10.81.0.3 (smtp server)

smallwolf99 avatar Aug 11 '22 01:08 smallwolf99

Hi @smallwolf99. Can you run a telnet from the Wazuh Manager container to the host IP on port 25? e.g.: telnet <HOST_IP> 25 You will need to install telnet on the container. If it fails, run the following command on the host and provide the output: netstat -anp | grep 25

teddytpc1 avatar Aug 19 '22 17:08 teddytpc1

I have the same problem. From inside the container manager has no connection to the host where postfix is located.

[wazuh-user@wazuh-server ~]$ sudo docker exec -it single-node-wazuh.manager-1 bash
root@wazuh:/# telnet 10.0.0.xx 25
Trying 10.0.0.xx...
telnet: Unable to connect to remote host: Connection refused

tomkolp avatar Jan 26 '23 11:01 tomkolp