Configuring SMTP for alerts

rippledj · August 10, 2023, 12:08am

I am looking at setting up SMTP for alert notifications. Thanks to @bricks I was able to see how the Docker containers can be configured to use msmtp as an MTA. I have some instructions for setting up msmtp MTA for Kali Linux or for the source code install:

Greenbone’s gvmd uses a system call to sendmail when alerts are sent. Seems the recommended method is to use msmtp (which is a drop in replacement) so, these instructions should work regardless of whether sendmail is already installed although they will disable sendmail.

Install msmtp

$ sudo apt install msmtp

Seems the configuration file is not created by default so we have to create one. The default locations are /etc/msmtprc (global) or ~/.msmtprc (for user):

sudo nano /etc/msmtprc

Enter basic config settings. You can replace gmail with another SMTP provider. You may have to check your email provider for policy for sending automated email or other settings.

# Set default account
defaults
auth           on
tls            on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
#logfile        ~/.msmtp.log
# Override the default log file
logfile        /var/log/gvm/gvmd.log

# Gmail account
account gmail
host smtp.gmail.com
port 587
from user@gmail.com
user user@gmail.com
password <your-password>

# Set the default account to use
account default: gmail

Create a sample email.txt file with

To: recipient@domain.com
Subject: Testing
Testing the msmtp email

Test the msmtp command with :

msmtp -d -f user@gmail.com recipient@domain.com < email.txt

NOTE: you will likely see a warning that msmtp can’t access the log file, but that’s
ok because it’s protected by GVM, but when GVM sends the mail it will have access…

Create a symlink from sendmail to msmtp:
Get the location of msmtp

which msmtp

Use the location to create a symlink from sendmail to msmtp. If you have sendmail installed already, you have to move the binary to another location or just delete it to replace it with the symlink.

sudo ln -s /usr/bin/msmtp /usr/sbin/sendmail

Test with sendmail as the replacement via symlink

sendmail -d -f user@gmail.com recipient@domain.com < email.txt

Now Greenbone should be able to use SMTP for alerts.

However, although this works fine when creating an alert as long as you specify the same From: address as used in the config file, there can be an issue when using the Task Wizard.

If the To: destination email address entered into the task wizard is the same as you configured in the msmtp config, it will send fine, but specifying a different To: address will not send.

The problem seems to be caused because the email address specified in the To: field of the Advanced Task Wizard will also be used as the From: address when calling the sendmail command. The days of blind mail relay are mostly gone, so this will fail.

The task wizard creates an alert item and uses the From: address for both the To: and From:. If you want the alert for the wizard created task to send to another email address than the configured send address, you can manually edit the alert and change From: to the send address that is configured with msmtp

This could be solved by not specifying any From: address when creating the alert for the Wizard task, but although this would send from msmtp, it would have an empty From: field in the created alert. It might be better to allow the user to enter a From: address as well in the Wizard, but it may also make sense to just rely on the msmtp configuration for all the From: addresses in alerts.

Either way, once I learned that it works great.

Also, I was very surprised to find that there isn’t a widely known or established SMTP module for C like pretty much every other language.

My humble suggestion in lieu of C lacking a robust SMTP package is:

Using msmtp is better than the traditional sendmail since its more convenient to configure
There should be an SMTP credential type with various auth fields, port, smtp-host, and TLS settings
Alerts and Advanced task wizard should allow a stored SMTP credential to be set instead of a From: email address.
The email send function in Greenbone can configure the SMTP credential’s settings into command line options for sendmail / msmtp at runtime of sending the email.

This method would allow user’s to simply enter their SMTP service provider auth credentials and settings and they wouldn’t even have to configure the sendmail / msmtp.

Ulrich · June 19, 2024, 9:45am

Hello there,
I followed your tutorial, and now, when I send the test with this command “sendmail -d -f user@gmail.com recipient@domain.com < email.txt” I receive mail normally in my mailbox, but Greenbone is still not able to use SMTP for alerts.
If you can help me with please.
Thank you for your help,
Ulrich

rippledj · June 24, 2024, 2:03am

I suggest testing the alert you have created. On the alerts page, to the far right of the alert item, you will see a “play” button, like the screenshot below. This will test the alert you have created. From there it may output some useful context to the GUI. Otherwise, more context is available in the gvmd.log file.

$ sudo tail /var/log/gvm/gvmd.log
event alert:MESSAGE:2024-06-24 01h57.51 UTC:1475: The alert Test email alert was triggered (Event: Task status changed to 'Done', Condition: Always)
md manage:WARNING:2024-06-24 01h57.51 UTC:1475: email: system failed with ret 32512, 127, read FROM TO < /tmp/gvmd-args-4dNuqa; /usr/sbin/sendmail -f "$FROM" "$TO" < /tmp/gvmd-content-NXe0G4 > /dev/null 2>&1

You should also check the sendmail or msmtp logs to determine any causes for the failure.

Ulrich · June 21, 2024, 11:23am

Hello everyone,

I’m new to Greenbone, I installed it on a VM running Ubuntu 22.04 LTS.
I followed your tuto, and install Greenbone and all works for the best.
My current problem is that I’d like to receive alerts by email,
so I followed another of your documentation “Configuring SMTP for alerts”
I think I’ve done all the steps, the server sends the emails from the relay,
but Greenbone is still unable to use the SMTP relay to send alerts.
I get this error “Testing the alert Test envoie de rapport failed. Internal error.”
If you can help me with please.
Thank you,
Ulrich

Translated with DeepL.com (free version)

rippledj · June 24, 2024, 2:56am

Just a note that I have moved this post into the thread of the same topic by the same user. Please do not post your issues twice.

Ulrich · June 24, 2024, 10:38am

Hello Mr Joseph,
Thank you for your comment and I’m sorry if it caused any inconvenience.
Thank you for your reaction. I have in fact carried out the test you suggested and it is this test that is giving me the following error:
While sending from the terminal works fine, I’m using msmtp as a relay agent.
If you can help me solve this problem, please, thank you.
Ulrich

rippledj · June 24, 2024, 10:43am

What about the tail of /var/log/gvm/gvmd.log? I also mentioned that more information is available there.

Ulrich · June 24, 2024, 11:21am

Here’s what I have in the log file
There was an error, I couldn’t answer right away…

rippledj · June 24, 2024, 12:33pm

Please don’t post screenshots. Use the properly formatted text. Read this introduction to the forum. for the guidelines. Thanks!

It does not make sense that your log file is almost empty since many gvmd transactions are logged.
I suggest looking at the msmtp logs in /var/log/msmtp/msmtp.log.

Ulrich · June 25, 2024, 11:43am

Hello Monsieur Joseph,
First of all, I’d like to apologize for yesterday, when I got an error message preventing me from continuing our exchange.
This time, I’m sending you the contents of the .msmtp.log file.
Thank you very much,
Ulrich

Ulrich · June 25, 2024, 1:21pm

Here’s the error I get when I try to send the report as text.
So I’m sending it as an image, hoping to find another way to do it.

“An error occurred: Sorry, new users can only put 2 links in a post.”

Ulrich · June 26, 2024, 10:04am

rippledj · July 4, 2024, 6:40am

In this case, I would suggest reviewing Outlook’s SMTP policies. I know for Zoho, the email may be rejected based on the inclusion or exclusion of certain headers. Offhand, I don’t know which headers are being added via the Greenbone email alert, but they would be more extensive than the sample email.txt file above.

Like I said, for Zoho, the basic email.txt file with only sender, subject and content will not deliver, while adding some additional standard email headers it will pass their security filters.

Ulrich · July 12, 2024, 12:00pm

Hello Mr Joseph,
Thank you again for your response, do you have any documentation to guide me please.
Thank you very much,
Ulrich