Solved: Re: mail alert from checkpoint

Pantsu · ‎2020-02-14

I want receive email notifications from checkpoint about critical alerts (anty virus, ips, anti-bot) , i find it in smartevent , but when i create new ' Automatic reaction' there are only "Outgoing mail server (SMTP)" Parameter, i think it is not enough , where i can enter my email credentials (Username and password ) and POP Parameters, i think those are necessary .

vladt · ‎2023-11-15

Checkpoint imported the msmtp (sendmail command is actually a link) tool from RHEL 5.2 while removing the SSL/TLS support.

However, it is still possible to send emails with authentication, for example Gmail.

Command used:

curl_cli --ssl-reqd \
--url 'smtps://smtp.gmail.com:465' \
--user 'tester@example.com:APP PASSWORD' \
--mail-from 'tester@example.com' \
--mail-rcpt 'recepient@gmail.com' \
--upload-file mail.txt \
--cacert /opt/CPsuite-R81.10/fw1/database/ca_bundle.pem

File contents:

[Expert@fw:0]# cat mail.txt
From: "tester" <tester@example.com>
To: "recepient" <recepient@gmail.com>
Subject: This is a test

Hi from tester
Bye!

View solution in original post

PhoneBoy · ‎2020-02-14

Neither of those options are supported.
They also should not be required (or are generally not) for internal SMTP servers.

Pantsu · ‎2020-02-16

Thanks for you reply, but i did't understand ,

1) Is it possible to receive email from my Server ?
2) How it send me email with only those few parameter (without credentials).

PhoneBoy · ‎2020-02-16

You need an SMTP mail server that will accept email sent from your SmartEvent without authentication.
Usually both the SmartEvent server and an SMTP server are inside your protected network.

Pantsu · ‎2020-02-16

We have SMTP mail server, but it is in cloud (smtp.office365.com)
1) how i can use this server to accept email sent from my SmartEvent?
2) which would be source , who would send me this email from SmartEvent , if i did not put somewhere mail credentials in SmartEvent .

PhoneBoy · ‎2020-02-18

The built-in mail feature in SmartEvent Automatic Reaction does not currently support using SMTP Authentication, which would be required to support Office 365.
You should be able to write a script that calls /sbin/sendmail on the management server that supplies the required credentials to send the email.

jperry · ‎2020-07-09

I'm looking to do this same thing.. Would you have any examples of what the script might look like?

vitsprediction · ‎2022-03-10

Hi jperry,

Have you found the script or solution?

Steven_Sultana · ‎2022-04-26

Indeed there must be a way, since for SmartView it is possible to send authenticated and TLS emails.

However I'm messing a bit with /sbin/sendmail (msmtp) and when enabling TLS I'm getting an error that "sendmail: support for TLS is not compiled in" (R81, take 44).

Does that mean Smartview is actually using /opt/CPsuite-R81/fw1/bin/sendmail ?

Does the -m option take the same file as msmtp?

sendmail [-t server] [ [-m filename] | [-s subject] [-f from] email-address]

I have something like this:

[Expert@Lab-MGMT01:0]# cat sendmail.cfg
# Set default values for all accounts.
account default
auth           on
tls            on
tls_trust_file /var/opt/CPshrd-R81/conf/ca-bundle.crt
logfile        /var/log/msmtp

# Office365
host           smtp.office365.com
port           587
from           sender@example.com
user           sender@example.com
password       PlaintextPassword

# Syslog logging with facility LOG_MAIL instead of the default LOG_USER
syslog LOG_MAIL

Called as:

[Expert@Lab-MGMT01:0]# /opt/CPsuite-R81/fw1/bin/sendmail -m sendmail.cfg recipient@example.com
0
[Expert@Lab-MGMT01:0]#
[Expert@Lab-MGMT01:0]# sendmail -C sendmail.cfg recipient@example.com
sendmail: support for TLS is not compiled in
[Expert@Lab-MGMT01:0]#

Any thoughts?

Steven.

vladt · ‎2023-11-15