immauss / openvas

Containers for running the Greenbone Vulnerability Manager. Run as a single container with all services or separate single applications containers via docker-compose.
GNU Affero General Public License v3.0

postfix log files #2

Closed cybermcm closed 4 years ago

cybermcm commented 4 years ago

Hi,

First thing to say, thank you for providing an up-to-date version of OpenVAS! Question: My mail alerts aren't working, probably caused by some security settings of my mail server. Is it possible to get the mail logs from Postfix? I can't find anything inside the container since syslog isn't available. Logging to a file seems possible with Postfix >3.4 but included is a 3.3 version... any ideas?

immauss commented 4 years ago

Well ... you could install syslog. (probably rsyslog) The image is fully functioning Ubuntu. So the following should get you there:

apt update
apt install syslog-ng
service syslog-ng start
service postfix restart

You should now have a mail.log in /var/log

And as I test this ... I realize that mail is no longer working on the latest build ... Tested all of the scanning functionality, but didn't test the mail.

So there may be another underlying issue. I'll put some energy on this a little later today and get back to you.

Thanks, Scott

immauss commented 4 years ago

OK ... for my case, it was a problem with the mail server on the host, and not related to the container. If you are using the docker host as the relay host, make sure you add appropriate iptables rules to the host so the container can connect.

immauss commented 4 years ago

And if you have to modify anything inside the container to get it working, please let me know and I'll see if I can work it into the build. Otherwise, you'll have to make those changes again when you pull a new image at the next release.

Thanks, Scott

cybermcm commented 4 years ago

Thank you for your fast answer... no clue why I didn't think about installing syslog ;-)... Anyway:

Installed syslog -> mail is working
Removed container, tried again -> mail is not working

Is it possible that syslog is required? Can you confirm this behavior?

immauss commented 4 years ago

Sorry for the delay this time. I can confirm that my setup is working and sending mail without installing syslog.

cybermcm commented 4 years ago

thx for your reply... I tested it again, removed container, removed image, started fresh -> mail not working (created a test alert on task creation). Jumped into the container -> "service postfix restart" and suddenly mails get delivered, even the "old" one after container creation, so they seem to be stuck in a queue and postfix restart triggers them... any idea what the problem could be in this case?

immauss commented 4 years ago

Can you send me the command you are using to start the container? Are you sending the email to the same host the container is running on or another mail server?

-Scott


cybermcm commented 4 years ago

I did a little more digging, it is a DNS issue. Right after a fresh start the folder /var/spool/postfix/etc/ is empty resulting in a DNS error. I looked for my queued test mail and the error message is

Host or domain name not found. Name service error for name=mail type=MX: Host not found, try again

right after a

service postfix restart

the folder /var/spool/postfix/etc/ is filled with files and it contains a resolv.conf copy and DNS starts working...

not sure why this happens with my container. My mail server is another docker container on the same host.

docker compose:

openvas:
  container_name: openvas
  environment:
   - PASSWORD=${openvas_OV_PASSWORD}
   - RELAYHOST=mail
  hostname: openvas.${hostname}
  image: immauss/openvas
  labels:
   - ${ouro_true}
   - traefik.enable=true
   - "traefik.http.routers.openvas.rule=Host(`openvas.${hostname}`)"
   - traefik.http.routers.openvas.entrypoints=web-secure
   - traefik.http.routers.openvas.tls.certresolver=le
   - traefik.http.routers.openvas.tls=true
   - traefik.http.routers.openvas.priority=2
   - traefik.http.routers.openvas.tls.options=default
   - traefik.http.routers.openvas.service=openvas
   - traefik.http.services.openvas.loadbalancer.server.port=9392
  networks:
   - web
  restart: always
  volumes:
   - ${timezone}
   - ${localtime}
   - /opt/openvas:/data

immauss commented 4 years ago

Well that definitely explains why I don’t have an issue, I point the mail at an IP. So no DNS needed. I can mod the base image to restart postfix once as a quick fix, then try to find a better solution.

Thanks!

-Scott

immauss commented 4 years ago

So I sat down today to add that restart and realized that I was not starting the service, but just starting the postfix daemon, which means anything set up by the init scripts was never run. So I switched that out for a "service postfix start"

I literally just pushed the change to github, so it might take a little while for docker to catch up. Make sure the image you pull is dated today, and the change should be there.

-Scott

immauss commented 4 years ago

Hold on that ... It's failing to start now for something else ...

immauss commented 4 years ago

nevermind ... it was my dns server... All is good.

cybermcm commented 4 years ago

just tried it, deleted everything Openvas related and started fresh. I can confirm that the postfix init is working and also postfix DNS -> mails get through... thanks for the fix!
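
The check below is an added example, not part of the thread or of the image's own scripts: it compares the resolver files inside Postfix's chroot (/var/spool/postfix/etc, as reported above) with the container's /etc, which is the state that left mail queued until the init script ran. The function name, the `--live` switch and the default file list beyond resolv.conf are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch; names and the default file list are assumptions.
# Postfix services running chrooted resolve names using the copies under
# /var/spool/postfix/etc, not the container's /etc.

# check_chroot_files ETC_DIR CHROOT_ETC_DIR [FILE...]
# Prints one line per file: OK, MISSING (absent in the chroot),
# STALE (differs from the live copy) or SKIP (no live copy to compare).
# Returns 0 when nothing is MISSING or STALE, 1 otherwise.
check_chroot_files() {
    etc_dir=$1
    chroot_etc=$2
    shift 2
    # Assumed default list; the thread only names resolv.conf explicitly.
    [ $# -gt 0 ] || set -- resolv.conf hosts services
    rc=0
    for f in "$@"; do
        if [ ! -e "$etc_dir/$f" ]; then
            echo "SKIP $f"
        elif [ ! -e "$chroot_etc/$f" ]; then
            echo "MISSING $f"
            rc=1
        elif ! cmp -s "$etc_dir/$f" "$chroot_etc/$f"; then
            echo "STALE $f"
            rc=1
        else
            echo "OK $f"
        fi
    done
    return $rc
}

# Inside the container: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    if check_chroot_files /etc /var/spool/postfix/etc; then
        echo "chroot resolver files match /etc"
    else
        echo "chroot copies missing or stale; RELAYHOST names may not resolve"
        exit 1
    fi
fi
```

A MISSING resolv.conf corresponds to the empty folder seen right after a fresh start; once the files are in place, `postqueue -f` asks Postfix to retry the deferred mail.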