[Bro] Configuring MAIL FROM:

Castle, Shane scastle at bouldercounty.org
Tue Dec 4 11:57:52 PST 2012 

Hmm - I found this in ./base/frameworks/notice/mail.bro:

        ## Address that emails will be from.
        const mail_from           = "Big Brother <bro at localhost>" &redef;
        ## Reply-to address used in outbound email.
        const reply_to            = "" &redef;

So it looks like you need to add

	redef Notice::mail_from = "Big Brother <bro at host.domain.ca>";

to your local.bro, and possibly change "reply_to" as well. Then run broctl check;broctl install;broctl restart (wash, rinse, spin) as usual.

-- 
Shane Castle
Data Security Mgr, Boulder County IT


-----Original Message-----
From: bro-bounces at bro-ids.org [mailto:bro-bounces at bro-ids.org] On Behalf Of Paul Halliday
Sent: Tuesday, December 04, 2012 12:24
To: Seth Hall
Cc: bro at bro-ids.org
Subject: Re: [Bro] Configuring MAIL FROM:

On Mon, Dec 3, 2012 at 2:39 PM, Seth Hall <seth at icir.org> wrote:
>
> On Dec 3, 2012, at 12:45 PM, Paul Halliday <paul.halliday at gmail.com> wrote:
>
>> Stumped!
>>
>> Where does bro get the host value from?
>
> Technically from the "hostname" command by default.  You can change it by using a FQDN in broctl.cfg like this...
>
> mailfrom = Big Brother <bro at yourserver.com>
>

Should it be mailfrom or MailFrom? either way it didn't appear to
influence anything.

I did fix it so that `hostname` now returns host.domain.ca. this
didn't help either.

I turned on debugging for ssmtp:

Dec  4 14:01:21 hostname sSMTP[75788]: Set Root="postmaster"
Dec  4 14:01:21 hostname sSMTP[75788]: Set MailHub="mail.domain.ca"
Dec  4 14:01:21 hostname sSMTP[75788]: Set RemotePort="25"
Dec  4 14:01:21 hostname sSMTP[75788]: Set RewriteDomain="domain.ca"
Dec  4 14:01:21 hostname sSMTP[75788]: Set HostName="hostname.nscc.ca"
Dec  4 14:01:21 hostname sSMTP[75788]: Set FromLineOverride="True"
Dec  4 14:01:21 hostname sSMTP[75788]: Set MailHub="mail.domain.ca"
Dec  4 14:01:21 hostname sSMTP[75788]: via SMTP Port Number="25"
Dec  4 14:01:21 hostname sSMTP[75788]: 220 mail.domain.ca ESMTP
(blahblahblahblah)
Dec  4 14:01:21 hostname sSMTP[75788]: HELO hostname.domain.ca
Dec  4 14:01:21 hostname sSMTP[75788]: 250 mail.domain.ca Hello
hostname.domain.ca [1.2.3.4], pleased to meet you
Dec  4 14:01:21 hostname sSMTP[75788]: MAIL FROM:<bro at hostname>
Dec  4 14:01:21 hostname sSMTP[75788]: 504 Need Fully Qualified Address
Dec  4 14:01:21 hostname sSMTP[75788]: 504 Need Fully Qualified Address

Just doing: `mail me at domain.ca` from the command line works.

Thoughts?

Thanks.

_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list