[Bro] Configuring MAIL FROM:

Paul Halliday paul.halliday at gmail.com
Wed Dec 5 06:16:19 PST 2012


Worked like a charm. Thanks!

On Tue, Dec 4, 2012 at 3:57 PM, Castle, Shane <scastle at bouldercounty.org> wrote:
> Hmm - I found this in ./base/frameworks/notice/mail.bro:
>
>         ## Address that emails will be from.
>         const mail_from           = "Big Brother <bro at localhost>" &redef;
>         ## Reply-to address used in outbound email.
>         const reply_to            = "" &redef;
>
> So it looks like you need to add
>
>         redef Notice::mail_from = "Big Brother <bro at host.domain.ca>";
>
> to your local.bro, and possibly change "reply_to" as well. Then run broctl check;broctl install;broctl restart (wash, rinse, spin) as usual.
>
> --
> Shane Castle
> Data Security Mgr, Boulder County IT
>
>
> -----Original Message-----
> From: bro-bounces at bro-ids.org [mailto:bro-bounces at bro-ids.org] On Behalf Of Paul Halliday
> Sent: Tuesday, December 04, 2012 12:24
> To: Seth Hall
> Cc: bro at bro-ids.org
> Subject: Re: [Bro] Configuring MAIL FROM:
>
> On Mon, Dec 3, 2012 at 2:39 PM, Seth Hall <seth at icir.org> wrote:
>>
>> On Dec 3, 2012, at 12:45 PM, Paul Halliday <paul.halliday at gmail.com> wrote:
>>
>>> Stumped!
>>>
>>> Where does bro get the host value from?
>>
>> Technically from the "hostname" command by default.  You can change it by using a FQDN in broctl.cfg like this...
>>
>> mailfrom = Big Brother <bro at yourserver.com>
>>
>
> Should it be mailfrom or MailFrom? Either way it didn't appear to
> influence anything.
>
> I did fix it so that `hostname` now returns host.domain.ca. This
> didn't help either.
>
> I turned on debugging for ssmtp:
>
> Dec  4 14:01:21 hostname sSMTP[75788]: Set Root="postmaster"
> Dec  4 14:01:21 hostname sSMTP[75788]: Set MailHub="mail.domain.ca"
> Dec  4 14:01:21 hostname sSMTP[75788]: Set RemotePort="25"
> Dec  4 14:01:21 hostname sSMTP[75788]: Set RewriteDomain="domain.ca"
> Dec  4 14:01:21 hostname sSMTP[75788]: Set HostName="hostname.nscc.ca"
> Dec  4 14:01:21 hostname sSMTP[75788]: Set FromLineOverride="True"
> Dec  4 14:01:21 hostname sSMTP[75788]: Set MailHub="mail.domain.ca"
> Dec  4 14:01:21 hostname sSMTP[75788]: via SMTP Port Number="25"
> Dec  4 14:01:21 hostname sSMTP[75788]: 220 mail.domain.ca ESMTP (blahblahblahblah)
> Dec  4 14:01:21 hostname sSMTP[75788]: HELO hostname.domain.ca
> Dec  4 14:01:21 hostname sSMTP[75788]: 250 mail.domain.ca Hello hostname.domain.ca [1.2.3.4], pleased to meet you
> Dec  4 14:01:21 hostname sSMTP[75788]: MAIL FROM:<bro at hostname>
> Dec  4 14:01:21 hostname sSMTP[75788]: 504 Need Fully Qualified Address
> Dec  4 14:01:21 hostname sSMTP[75788]: 504 Need Fully Qualified Address
>
> Just doing: `mail me at domain.ca` from the command line works.
>
> Thoughts?
>
> Thanks.
>



-- 
Paul Halliday
http://www.pintumbler.org/
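
An added example, not part of the original messages or of Bro: a Python check that reads sSMTP debug output like the lines quoted above, pairs each MAIL FROM with the relay's next reply, and reports envelope senders whose domain is not fully qualified, which is the condition that kept the notice mail from being delivered. The sample log, the example.org hostnames and the function names are constructed for illustration; the parser accepts both "@" and the list archive's " at " rendering.

```python
import re

# Constructed sample modeled on the sSMTP debug output quoted in the thread.
# Hostnames and the final "Sender ok" reply are made up for this example.
SAMPLE_LOG = """\
Dec  4 14:01:21 sensor sSMTP[75788]: HELO sensor.example.org
Dec  4 14:01:21 sensor sSMTP[75788]: 250 mail.example.org Hello sensor.example.org
Dec  4 14:01:21 sensor sSMTP[75788]: MAIL FROM:<bro@sensor>
Dec  4 14:01:21 sensor sSMTP[75788]: 504 Need Fully Qualified Address
Dec  4 14:09:02 sensor sSMTP[75912]: MAIL FROM:<bro@sensor.example.org>
Dec  4 14:09:02 sensor sSMTP[75912]: 250 2.1.0 Sender ok
"""

LINE = re.compile(r"sSMTP\[(?P<pid>\d+)\]: (?P<msg>.*)$")
MAIL_FROM = re.compile(r"^MAIL FROM:<(?P<local>[^@\s>]+)(?:@| at )(?P<domain>[^>\s]*)>")
REPLY = re.compile(r"^(?P<code>[245]\d\d)[ -](?P<text>.*)$")


def is_fqdn(domain):
    """Treat a domain as fully qualified when it has at least two non-empty labels."""
    labels = domain.rstrip(".").split(".")
    return len(labels) >= 2 and all(labels)


def audit_envelope_senders(log_text):
    """Pair each MAIL FROM with the server's next reply in the same sSMTP process."""
    pending = {}   # pid -> MAIL FROM match still waiting for a reply
    results = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue   # wrapped continuation lines and other daemons
        pid, msg = m.group("pid"), m.group("msg")
        sender = MAIL_FROM.match(msg)
        if sender:
            pending[pid] = sender
            continue
        reply = REPLY.match(msg)
        if reply and pid in pending:
            s = pending.pop(pid)
            results.append({
                "pid": int(pid),
                "sender": f"{s['local']}@{s['domain']}",
                "fqdn": is_fqdn(s["domain"]),
                "code": int(reply["code"]),
                "rejected": reply["code"][0] in "45",
            })
    return results
```

Any result with `rejected` set means alert mail from the sensor is not reaching its recipients; `fqdn` being false points at the sender address as the cause.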


