Sending security alert logs with msmtp/ssmtp/mutt
by jorjor242 from LinuxQuestions.org on (#5203P)
Hi all - I am attempting to make a cron job to email me the latest security alerts from my Suricata IDS on an Ubuntu - I originally installed Postfix but I couldn't get it to work. I have code that is collecting the logs:
tail -n 50 /var/log/suricata/fast.log > "$(date '+%Y-%m-%d_%H-%M-%S').log"
I have been able to successfully send email with this command:
echo -e "Subject: Test Mail\r\n\r\nawfwafawfwafwa" |msmtp --debug --from=default -t xxx@gmail.com
However, I cannot get mutt or mpack or ssmtp to send the log file after it is generated:
ssmtp xxxx@gmail.com < 2020_04_09_10_03_PM.log -v
[<-] 220 smtp.gmail.com ESMTP x68sm1986293qka.129 - gsmtp
[->] EHLO osboxes.lan
[<-] 250 SMTPUTF8
[->] STARTTLS
[<-] 220 2.0.0 Ready to start TLS
[->] EHLO osboxes.lan
[<-]
ssmtp: (osboxes.lan)
Or with mutt:
echo "Message Body Here" | mutt -s "Subject Here" -a 2020_04_09_10_03_PM.log xxx@gmail.com
Can't stat xxx@gmail.com: No such file or directory
xxx@gmail.com: unable to attach file.
or with mpack:
mpack -s "awfwaf" 2020_04_09_10_03_PM.log xxx@gmail.com
sendmail: (osboxes.lan)
The errors I receive deal with postfix:
Apr 8 18:18:17 osboxes postfix/smtpd[11274]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains
Apr 8 18:19:18 osboxes postfix/smtpd[11518]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains
Apr 8 18:20:19 osboxes postfix/smtpd[11923]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains
Apr 8 18:21:20 osboxes postfix/smtpd[12168]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains
Apr 8 18:27:28 osboxes sSMTP[14373]: (osboxes)
Apr 8 18:28:21 osboxes sSMTP[14793]: (osboxes)
Apr 8 18:30:09 osboxes sSMTP[15236]: (osboxes)
Apr 8 18:31:53 osboxes sSMTP[15638]: (osboxes)
Apr 8 18:33:33 osboxes sSMTP[16058]: (osboxes)
Apr 8 18:41:36 osboxes sSMTP[18113]: (osboxes.lan)
Apr 8 23:41:12 osboxes sSMTP[25657]: (osboxes.lan)
Apr 9 22:09:24 osboxes sSMTP[29302]: (osboxes.lan)
Apr 9 22:09:49 osboxes sSMTP[29407]: (osboxes.lan)
Apr 9 22:09:55 osboxes sSMTP[29437]: (osboxes.lan)
Apr 9 22:15:44 osboxes sSMTP[30869]: (osboxes.lan)
Apr 9 22:51:29 osboxes sSMTP[7201]: (osboxes.lan)
Apr 9 22:53:55 osboxes sSMTP[8510]: (osboxes.lan)
Apr 9 23:02:38 osboxes sSMTP[10646]: (osboxes.lan)
Apr 9 23:03:50 osboxes sSMTP[10938]: (osboxes.lan)
Apr 9 23:04:56 osboxes sSMTP[11204]: (osboxes.lan)
Apr 10 00:06:06 osboxes sSMTP[25909]: (osboxes.lan)
Apr 10 00:08:39 osboxes sSMTP[27253]: (osboxes.lan)
Apr 10 00:12:21 osboxes sSMTP[28220]: (osboxes.lan)
Apr 10 00:23:19 osboxes sSMTP[30963]: (osboxes.lan)
Apr 10 12:22:00 osboxes sSMTP[4644]: (osboxes.lan)
Apr 10 12:25:28 osboxes sSMTP[5501]: (osboxes.lan)
Apr 10 12:28:48 osboxes sSMTP[6335]: (osboxes.lan)
Apr 10 12:32:31 osboxes sSMTP[7313]: (osboxes.lan)
Apr 10 12:32:45 osboxes sSMTP[7373]: (osboxes.lan)
In my postfix config this is the line:
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
When I try to remove postfix it isn't recognized as being there..:
sudo apt-get remove postfix
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'postfix' is not installed, so not removed
This is my ssmtp config:
root=postmaster
SERVER=xxx@gmail.com
# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.gmail.com:587
AuthUser=xxx@gmail.com
AuthPass=xxx
UseTLS=YES
UseSTARTTLS=YES
# Where will the mail seem to come from?
rewriteDomain=gmail.com
# The full hostname
hostname=osboxes.lan
# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=YES
Sorry for the long post; I tried to provide as much context as possible.
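
An added example, not part of the original post: msmtp and ssmtp read a complete message (headers, a blank line, then the body) on standard input, so this sketch wraps the tail of fast.log in headers before it is piped to the mailer. The function name build_alert_mail and the sample alert lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# build_alert_mail LOGFILE RECIPIENT [LINES]
# Prints a complete mail message: headers, one blank line, then the log tail.
build_alert_mail() {
    log=$1 rcpt=$2 lines=${3:-50}
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 1; }
    # Refuse CR/LF in the recipient so it cannot smuggle in extra headers.
    [ "$(printf '%s' "$rcpt" | tr -d '\r\n')" = "$rcpt" ] ||
        { echo "bad recipient" >&2; return 1; }
    # fast.log writes one alert per line, each marked with "[**]".
    count=$(tail -n "$lines" "$log" | grep -c '\[\*\*\]' || true)
    printf 'To: %s\n' "$rcpt"
    printf 'Subject: [suricata] %s alert(s) on %s\n' "$count" "$(uname -n)"
    printf 'MIME-Version: 1.0\n'
    printf 'Content-Type: text/plain; charset=utf-8\n'
    printf '\n'
    tail -n "$lines" "$log"
}

# Constructed sample in fast.log layout (not real alerts).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
04/09/2020-22:03:11.000001  [**] [1:1000001:1] EXAMPLE constructed alert one [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:44321 -> 198.51.100.5:80
04/09/2020-22:03:12.000002  [**] [1:1000002:1] EXAMPLE constructed alert two [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.0.2.11:5353 -> 198.51.100.5:53
EOF

# Demo: print the message. For real use, pipe it to the mailer instead:
#   build_alert_mail /var/log/suricata/fast.log xxx@gmail.com | msmtp -t
build_alert_mail "$sample" xxx@gmail.com
```

With `-t`, msmtp takes the recipient from the `To:` header, so the address does not have to be repeated on the command line.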