Maild does no longer work after upgrade to 3.4.0

[tiiiecherle]

Hey,

first of all thanks for this project and for all the hard work put into this.

After upgrading to Gossec hids (local install) 3.4.0 on archlinux (all other packages up-to-date) with a manual installation mails are no longer sent.

I did not change anything at the systemd service or any other file or config.

I use msmtp for sending the mails from the root account and tested its functionality. msmtp is working fine.

This is my global section from the config file.

  <global>
    <email_notification>yes</email_notification>
    <email_to>mymail@mail.com</email_to>
    <smtp_server>/usr/bin/msmtp --from="ossec_`hostname`" -t</smtp_server>
    <email_from>mymail@mail.com</email_from>
    <email_maxperhour>100</email_maxperhour>
  </global>

Producing an event that leads to sending an e-mail results in

ossec-maild: DEBUG: Running OS_Sendmail()
ossec-maild: ERROR: No socket.
sendmail: no sender found

When changing the smtp_server line to
<smtp_server>/usr/bin/msmtp --from="ossec_hostname" -t mymail@mail.com</smtp_server>
the error output changes to

ossec-maild: DEBUG: Running OS_Sendmail()
ossec-maild: ERROR: No socket.

It has always worked with the exact same settings before and a downgrade to 3.3 solves the issue. Thanks for any help and looking into this in advance.

Kind regards,

Tom

[ddpbsd]

Please test pull request #1783

[tiiiecherle]

Please test pull request #1783

Working again with this fix. Thanks a lot.
As I think a lot of people might use this feature a soon small dot release would be nice.

One more question. ps shows two main ossec-maild processes and a third one (ossec-maild ) when sending emails. Is that intentional or shouldn't there be just one main process and the defunct one only when sending emails?

ps cax | grep ossec-
  31556 ?        S      0:00 ossec-execd
  31560 ?        S      0:00 ossec-analysisd
  31564 ?        S      0:00 ossec-logcollec
  31602 ?        S      0:00 ossec-syscheckd
  31606 ?        S      0:00 ossec-monitord
  31651 ?        S      0:00 ossec-maild
  31652 ?        S      0:00 ossec-maild
  32238 ?        Z      0:00 ossec-maild <defunct>

Thanks a lot for the fast help.

[ddpbsd]

There is the main process, and the process that initiates network connections.

[tiiiecherle]

o.k., thanks.

For me the commit could be merged, the issue closed and a 3.4.1 release would be very nice. Thanks.

[tiiiecherle]

I just installed on my systems from the current git source including the fixing commit and it works.

Thanks. So the 3.4.1 release is not necessary for me. But I guess the email notification is important and more people will have the problem with the 3.4.0 release.

Thanks again for the fast help and for the fast and working fix.

[atomicturtle]

Merged into 3.5.0 release