Re: [Sguil-users] Troubleshoot SGUIL email issues
From: Matt . <stt...@gm...> - 2015-12-07 22:51:35
Sorry, I meant to state that when I posted. I did check the log file, didn't see errors, restarted anyways. I also tried a few changes for the fun of it, no love. Now today it's mostly working... Not sure why, since I hadn't changed anything since the deployment until the problems started happening recently.

That said, there's one outlier: the mail server is still getting frequent requests from the Security Onion server. Pasting in a snippet, happening many times a minute. I substituted the actual server name with "servername"; it isn't a real domain name as the error implies. I've sifted through config files for nullmailer etc. and while I found one place that I replaced "servername" with an actual domain name, I must be failing to look at some config file.

MAIL+FROM:<sg...@se...rvername> 501+Your+domain+does+not+seem+to+be+valid.+Could+not+find+MX+record+for+your+domain. ICOM-ME
2015-12-07 14:19:20 xx.xx.xx.xx SMTP-IN xx.xx.xx.74 2152 QUIT QUIT 221+Service+closing+transmission+channel ICOM-ME
2015-12-07 14:19:20 xx.xx.xx.xx SMTP-IN xx.xx.xx.74 1624 HELO HELO+ domain.com 250+Requested+mail+action+okay,+completed ICOM-ME
2015-12-07 14:19:20 xx.xx.xx.xx SMTP-IN xx.xx.xx.74 1624 MAIL MAIL+FROM:<ro...@se...rvername> 501+Your+domain+does+not+seem+to+be+valid.+Could+not+find+MX+record+for+your+domain. ICOM-ME
2015-12-07 14:19:20 xx.xx.xx.xx SMTP-IN xx.xx.xx.74 1624 QUIT QUIT 221+Service+closing+transmission+channel ICOM-ME
2015-12-07 14:19:20 xx.xx.xx.xx SMTP-IN xx.xx.xx.74 1460 HELO HELO+ domain.com 250+Requested+mail+action+okay,+completed ICOM-ME
2015-12-07 14:19:20 xx.xx.xx.xx SMTP-IN xx.xx.xx.74 1460 MAIL MAIL+FROM:<ro...@se...rvername> 501+Your+domain+does+not+seem+to+be+valid.+Could+not+find+MX+record+for+your+domain. ICOM-ME
2015-12-07 14:19:20 xx.xx.xx.xx SMTP-IN xx.xx.xx.74 1460 QUIT QUIT 221+Service+closing+transmission+channel ICOM-ME
2015-12-07 14:19:20 xx.xx.xx.xx SMTP-IN xx.xx.xx.74 2000 HELO HELO+ domain.com 250+Requested+mail+action+okay,+completed ICOM-ME
2015-12-07 14:19:20 xx.xx.xx.xx SMTP-IN xx.xx.xx.74 2000 MAIL MAIL+FROM:<ro...@se...rvername> 501+Your+domain+does+not+seem+to+be+valid.+Could+not+find+MX+record+for+your+domain. ICOM-ME
2015-12-07 14:19:20 xx.xx.xx.xx SMTP-IN xx.xx.xx.74 2000 QUIT QUIT 221+Service+closing+transmission+channel ICOM-ME

Thanks,
Matt

On Fri, Dec 4, 2015 at 4:14 PM, Doug Burks <dou...@gm...> wrote:
> Hi Matt,
>
> Have you checked the sguild log file?
> /var/log/nsm/securityonion/sguild.log
>
> Have you tried restarting sguild?
> sudo nsm_server_ps-restart
>
> On Fri, Dec 4, 2015 at 5:35 PM, Matt . <stt...@gm...> wrote:
> > I use Security Onion which utilizes SGUIL. I've stopped receiving email from
> > SGUIL on my main server. I don't see errors in sguil.log.
> >
> > I've since enabled SGUIL email on a secondary server (duplicating the config
> > of the main one). It's working properly.
> >
> > At one point the IP was blocked of the main server, weeks ago, but it was
> > unblocked. I'm wondering if SGUIL is choking on the backlog or something.
> >
> > I'm ok with purging old email and starting from "now". What steps can I take
> > to troubleshoot this further? I'm guessing I'm not checking a location for
> > some logs somewhere.
> >
> > Thanks,
> > Matt
> >
> > _______________________________________________
> > Sguil-users mailing list
> > Sgu...@li...
> > https://lists.sourceforge.net/lists/listinfo/sguil-users
>
> --
> Doug Burks
> Need Security Onion Training or Commercial Support?
> http://securityonionsolutions.com
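
One way to see which envelope senders the mail server is refusing in a log like the snippet in the message above, as an added example that is not part of the thread: it counts 5xx replies to MAIL FROM per client IP and sender, then collapses them to the sender domains worth searching the mailer configuration for. The field order is assumed from the pasted lines; the sample IPs, addresses and the trailing MAILHOST token are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the pasted snippet. IPs come from a
# documentation range; local parts and the trailing host token are made up.
SAMPLE_LOG = """\
2015-12-07 14:19:20 192.0.2.10 SMTP-IN 192.0.2.74 1624 HELO HELO+domain.example 250+Requested+mail+action+okay,+completed MAILHOST
2015-12-07 14:19:20 192.0.2.10 SMTP-IN 192.0.2.74 1624 MAIL MAIL+FROM:<svc-a@servername> 501+Your+domain+does+not+seem+to+be+valid. MAILHOST
2015-12-07 14:19:20 192.0.2.10 SMTP-IN 192.0.2.74 1624 QUIT QUIT 221+Service+closing+transmission+channel MAILHOST
2015-12-07 14:19:21 192.0.2.10 SMTP-IN 192.0.2.74 1460 MAIL MAIL+FROM:<svc-a@servername> 501+Your+domain+does+not+seem+to+be+valid. MAILHOST
2015-12-07 14:19:21 192.0.2.10 SMTP-IN 192.0.2.74 2000 MAIL MAIL+FROM:<svc-b@servername> 501+Your+domain+does+not+seem+to+be+valid. MAILHOST
2015-12-07 14:19:22 192.0.2.10 SMTP-IN 192.0.2.74 2152 MAIL MAIL+FROM:<ok@domain.example> 250+Requested+mail+action+okay,+completed MAILHOST
MAIL+FROM:<cut@servername> 501+line+truncated+at+the+start MAILHOST
"""

# Assumed field order: date time client-ip SMTP-IN server-ip session verb argument reply
RECORD = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<client>\S+) SMTP-IN \S+ "
    r"(?P<session>\d+) (?P<verb>\S+) (?P<arg>\S+) (?P<code>\d{3})"
)
SENDER = re.compile(r"MAIL\+FROM:<([^>]*)>", re.IGNORECASE)

def rejected_senders(log_text):
    """Count 5xx replies to MAIL FROM, keyed by (client IP, envelope sender)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        # Skip records cut off mid-line, other verbs, and accepted senders.
        if not m or m["verb"].upper() != "MAIL" or m["code"][0] != "5":
            continue
        sender = SENDER.search(m["arg"])
        if sender:
            hits[(m["client"], sender.group(1))] += 1
    return hits

def sender_domains(hits):
    """Collapse the counts to sender domains, the strings to search configs for."""
    domains = Counter()
    for (_client, sender), count in hits.items():
        domains[sender.rpartition("@")[2].lower()] += count
    return domains

if __name__ == "__main__":
    hits = rejected_senders(SAMPLE_LOG)
    for (client, sender), count in hits.most_common():
        print(f"{count:3d}  {client}  {sender}")
    print("rejected sender domains:", dict(sender_domains(hits)))
```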