Test environment:
CentOS Linux release 7.6.1810
Wazuh 3.10.2
1. Install postfix and related services on the Wazuh server
yum install -y postfix mailx cyrus-sasl cyrus-sasl-plain
2. Edit the postfix configuration file
# vi /etc/postfix/main.cf
command_directory = /usr/sbin
data_directory = /var/lib/postfix
mail_owner = postfix
home_mailbox = /home/ossec/mail
myhostname = qiyeyou.com
mydomain = qiyeyou.com
myorigin = $mydomain
mydestination = $mydomain
# SSL on port 587 is used here; port 465 could not be made to work in testing
relayhost = [smtp.exmail.qq.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_use_tls = yes
smtp_sender_dependent_authentication = yes
smtp_generic_maps = hash:/etc/postfix/generic
3. Create the sasl_passwd file
# vi /etc/postfix/sasl_passwd
[smtp.exmail.qq.com]:587 example@qiyeyou.com:mypassword
4. Create the generic file, which rewrites every sender address used by the system to example@qiyeyou.com
# vi /etc/postfix/generic
@hostname example@qiyeyou.com
A small trick here: if you do not know what the hostname is, send a test mail first. Mail sent as root at that point uses the hostname as the sender domain, so check the from value in tail -f /var/log/maillog to find out what @hostname is.
5. Build the hash databases with postmap
# postmap /etc/postfix/generic
# postmap /etc/postfix/sasl_passwd
6. Change file ownership and permissions
# chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
# chown root:root /etc/postfix/generic /etc/postfix/generic.db
# chmod 400 /etc/postfix/sasl_passwd
# chmod 400 /etc/postfix/generic
# chmod 0600 /etc/postfix/sasl_passwd.db
# chmod 0600 /etc/postfix/generic.db
8. Restart postfix
# systemctl reload postfix
9. Test the postfix configuration
echo 'This is a test mail' | mail -s 'This is a test mail' xxxxx@163.com
10. Edit the /var/ossec/ossec.conf file
# vi /var/ossec/ossec.conf
  <global>
    <email_notification>yes</email_notification>
    <smtp_server>localhost</smtp_server>
    <email_from>example@qiyeyou.com</email_from>
    <email_to>test@test.com</email_to>
  </global>
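As an added example (not part of the original post, and not code from the Postfix or Wazuh projects), the shell function below audits the result of steps 2 to 6: SASL authentication and TLS are enabled for the relay, no parameter value in main.cf contains a trailing comment, and the credential files are closed to group and other. The names audit_postfix_relay and get_param are hypothetical, and only the parameters set on this page are checked.

```bash
# Added example: audit a Postfix relay directory such as /etc/postfix.
# Prints one line per finding and returns the number of findings.

# Value of a main.cf parameter (last assignment wins, as in Postfix).
get_param() {  # $1 = path to main.cf, $2 = parameter name
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

audit_postfix_relay() {  # $1 = directory holding main.cf and sasl_passwd
    dir=$1; cf="$dir/main.cf"; findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # The relay must authenticate, refuse anonymous mechanisms and use TLS.
    [ "$(get_param "$cf" smtp_sasl_auth_enable)" = "yes" ] ||
        report "smtp_sasl_auth_enable is not 'yes'"
    case " $(get_param "$cf" smtp_sasl_security_options | tr ',' ' ') " in
        *" noanonymous "*) ;;
        *) report "smtp_sasl_security_options lacks noanonymous" ;;
    esac
    [ "$(get_param "$cf" smtp_use_tls)" = "yes" ] ||
        report "smtp_use_tls is not 'yes'"

    # main.cf has no trailing comments: text after '#' stays in the value.
    if grep -Eq '^[A-Za-z_0-9]+[[:space:]]*=.*#' "$cf"; then
        report "main.cf has '#' inside a parameter value"
    fi

    # The password map and its compiled .db hold the SMTP password in
    # clear text, so neither may carry any group or other permission bit.
    for f in "$dir/sasl_passwd" "$dir/sasl_passwd.db"; do
        [ -e "$f" ] || { report "$f is missing"; continue; }
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
            report "$f is accessible by group or other"
    done
    return "$findings"
}
```

Run it as audit_postfix_relay /etc/postfix after step 6; a return status of 0 means no findings.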
Reference link:
https://wazuh.com/blog/how-to-send-email-notifications-with-wazuh/