Hello,
I keep getting the following email notification from the ossec server.
This message occur because I relay my email to Gmail. By default, the system try to connect to the Google mail server via ipv6. As I don't have Ipv6 setup on my machine, it then to go connect via ipv4 and the message get send successfully...
In order to stop receiving this email notification, I tough of adding the following rule in my rules/local_rules.xml
Now, my question is:
Will my rule stop me from receiving the SMTP email if things go wrong on my ipv4?
How can I set this rule so it only look if the problem derive from my ipv6?
Thank you
Fred
I keep getting the following email notification from the ossec server.
Code:
OSSEC HIDS Notification.
2015 Jan 12 06:00:01
Received From: trinity->/var/log/maillog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Jan 12 06:00:00 trinity smtpd[1161]: smtp-out: Error on session 07918aa71d08e40c: Connection failed: No route to host
--END OF NOTIFICATION
This message occur because I relay my email to Gmail. By default, the system try to connect to the Google mail server via ipv6. As I don't have Ipv6 setup on my machine, it then to go connect via ipv4 and the message get send successfully...
In order to stop receiving this email notification, I tough of adding the following rule in my rules/local_rules.xml
Code:
<rule id="ID" level="0">
<if_sid>1002</if_sid>
<program_name>^smtpd</program_name>
<match>Connection failed: No route to host</match>
<description>Ignore no route to host errors</description>
</rule>
Now, my question is:
Will my rule stop me from receiving the SMTP email if things go wrong on my ipv4?
How can I set this rule so it only look if the problem derive from my ipv6?
Thank you
Fred