ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net

Allow for multiple smtp_server entries to provide mail redundancy / failover #1290

Open mjbroekman opened 7 years ago

mjbroekman commented 7 years ago

I'm running OSSEC 2.9.1 currently and I'm looking at ways to get more redundancy in my configuration. I have multiple SMTP servers in my environment and I would like to configure OSSEC to use whichever one is available, but it looks like OSSEC only uses the LAST smtp_server entry in the configuration.

In my config, I have:

<smtp_server>10.0.0.1</smtp_server>
<smtp_server>10.0.1.1</smtp_server>

When I start up ossec-maild in the foreground with lots of debug flags, I only see:

2017/10/20 08:42:57 INFO: Connected to 10.0.1.1 at address 10.0.1.1, port 25

It doesn't appear to even try the 10.0.0.1 address.

After looking at the documentation, I suspect that it only uses the last entry as there is no note in the docs to say that multiple entries are allowed.

If that is the case, I would like to request that support for multiple SMTP servers be added. If the support is there and the syntax is just off, the documentation should be updated to reflect the proper syntax for using multiple SMTP servers.

ddpbsd commented 7 years ago

It seems like configuring it to use the local smtpd and configuring that to send the mail properly would be a much better solution.

reyjrar commented 6 years ago

Going to agree with @ddpbsd on this. Though after reviewing the code in the mail daemon, it does appear that any email attempting delivery while an SMTP server is down will be dropped on the floor, or worse, the OSSEC mailer daemon may crash.

This issue would be better worded:

"Ensure mail deliveries attempted when the smtp_server is unreachable are queued for later delivery."
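The local-relay approach suggested in this thread, sketched as an added example (not from the thread or the OSSEC project). It assumes Postfix is the local smtpd and that ossec.conf is changed to a single `<smtp_server>127.0.0.1</smtp_server>` entry; the two relay addresses are the ones from the original report, and the timeout value is illustrative.

```ini
# /etc/postfix/main.cf  (assumption: Postfix is the local MTA on the OSSEC host)
# ossec-maild hands alerts to 127.0.0.1:25; Postfix takes over delivery,
# failover between relays, and queued retry while both relays are down.

# Accept mail only from this host, so the relay is not reachable from the network.
inet_interfaces = loopback-only
mynetworks = 127.0.0.0/8

# Null client: deliver nothing locally, relay everything.
mydestination =

# Primary relay. Square brackets disable MX lookup for a literal address.
relayhost = [10.0.0.1]:25

# Used when the primary is unreachable or fails with a temporary error.
smtp_fallback_relay = [10.0.1.1]:25

# Give up on a dead relay quickly so the fallback is tried sooner
# (illustrative value; the Postfix default is 30s).
smtp_connect_timeout = 10s

# If neither relay answers, the alert stays in the deferred queue and is
# retried until this lifetime expires (5d is the Postfix default).
maximal_queue_lifetime = 5d
```

With this in place, `postqueue -p` on the OSSEC host shows any alerts still waiting for a relay, which is worth monitoring since a growing queue means alert mail is not reaching anyone.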

wsandin commented 6 years ago

I'd be happy to look into this.