ossec 修改sendmail.c源码发送邮件

来源：互联网发布：mac 人民币符号编辑：程序博客网时间：2024/06/05 19:12

因为公司需求在部署ossec是发现不能收到报警邮件，查看log提示信息也是非常的少，经过查看一些博客，文档发现ossec发送邮件是不想邮箱服务器发送验证信息的，所以我们常用的邮箱基本都会当做垃圾邮件或者直接拒收。
所以查看了wianm’s blog,
他的代码是：

/* Return codes (from SMTP server) */#define VALIDBANNER "220"#define VALIDMAIL "250"#define VALIDAUTHLOGIN "334"#define VALIDAUTHUSER "334"#define VALIDAUTHPWD "235"#define VALIDDATA "354"/* Default values use to connect */#define SMTP_DEFAULT_PORT 587#define HELOMSG "Helo notify.ossec.net\r\n"#define AUTHLOGIN "AUTH LOGIN\r\n"#define AUTHUSER "(用户名,base64编码)\r\n"#define AUTHPWD "密码,base64编码)\r\n"#define MAILFROM "Mail From: <%s>\r\n"#define RCPTTO "Rcpt To: <%s>\r\n"#define DATAMSG "DATA\r\n"#define FROM "From: OSSEC HIDS <%s>\r\n"#define TO "To: <%s>\r\n"#define CC "Cc: <%s>\r\n"#define SUBJECT "Subject: %s\r\n"#define ENDDATA "\r\n.\r\n"#define QUITMSG "QUIT\r\n"以下内容是添加在 /* Sending HELO message */和 /* Building "Mail from" msg */ 中间/*============================================ *==================添加auth login代码========= *============================================ *//* Sending AUTH USERNAME message */OS_SendTCP(socket,AUTHUSER);msg = OS_RecvTCP(socket, OS_SIZE_1024);//merror("%s",msg);if((msg == NULL)||(!OS_Match(VALIDAUTHUSER, msg))){if(msg){/* Ugly fix warning     :   )  *//* In some cases (with virus scans in the middle)* we may get two banners. Check for that in here.*/if(OS_Match(VALIDAUTHLOGIN, msg)){free(msg);/* Try again */msg = OS_RecvTCP(socket, OS_SIZE_1024);if((msg == NULL)||(!OS_Match(VALIDAUTHUSER, msg))){merror("%s:%s",AUTH_USERFAILD,msg!= NULL?msg:"null");if(msg)free(msg);close(socket);return(OS_INVALID);}}else{merror("%s:%s",AUTH_USERFAILD,msg);free(msg);close(socket);return(OS_INVALID);}}else{merror("%s:%s",AUTH_USERFAILD,"null");close(socket);return(OS_INVALID);}}MAIL_DEBUG("DEBUG: Sent '%s', received: '%s'", AUTHUSER, msg);free(msg);/* Sending AUTH PASSWORD message */OS_SendTCP(socket,AUTHPWD);msg = OS_RecvTCP(socket, OS_SIZE_1024);//merror("%s",msg);if((msg == NULL)||(!OS_Match(VALIDAUTHPWD, msg))){if(msg){/* Ugly fix warning :   ) *//* In some cases (with virus scans in the middle)* we may get two banners. Check for that in here.*/if(OS_Match(VALIDAUTHUSER, msg)){free(msg);/* Try again */msg = OS_RecvTCP(socket, OS_SIZE_1024);if((msg == NULL)||(!OS_Match(VALIDAUTHPWD, msg))){merror("%s:%s",AUTH_PWDFAILD,msg!= NULL?msg:"null");if(msg)free(msg);close(socket);return(OS_INVALID);}}else{merror("%s:%s",AUTH_PWDFAILD,msg);free(msg);close(socket);return(OS_INVALID);}}else{merror("%s:%s",AUTH_PWDFAILD,"null");close(socket);return(OS_INVALID);}}MAIL_DEBUG("DEBUG: Sent '%s', received: '%s'", AUTHPWD, msg);free(msg);

但是用上后发现还是不能用，仔细查看了一下代码，加上自己添加一些打印信息发觉，这段代码应该作者在写到博客是忘加了先向smtp服务器发送auth login信息，顾应该在我标记处添加

OS_SendTCP(socket,AUTHLOGIN);msg = OS_RecvTCP(socket, OS_SIZE_1024);

向服务器发送auth login信息后再发送user和password信息，这样smtp服务器才能知道我们发送的user与pass是什么意思。

此文借鉴：wianm’s blog
借鉴文章地址：http://www.wianm.com/?p=58&utm_source=tuicool&utm_medium=referral

0 0