Configure Mail Relay in USM Appliance

Applies to Product: USM Appliance™ LevelBlue OSSIM®

You can configure to receive emails from USM Appliance. For example, if you want to receive an email when an alarm appears, you can create a policy for the email to be sent. For details, see Tutorial: Create a Policy to Send Emails Triggered by Events. But first, you need to configure mail relay in USM Appliance.

USM Appliance uses Postfix, an open-source mail transfer agent (MTA), as Simple Mail Transfer Protocol (SMTP) server for outgoing messages.

USM Appliance SMTP Server Default Settings

Protocol

Port Number

Notes

SMTP 25 This is the port number assigned to SMTP and used for mail server relay. Note that most Internet service providers (ISPs) block this port to curb the amount of spam they receive.
TLS (Transport Layer Security) 587 This is the default port number that USM Appliance uses to send outgoing messages. The connection is encrypted by executing the STARTTLS command.

USM Appliance also enables the following properties from Postfix:

smtp_sasl_auth_enable = yes

smtp_sasl_security_options = noanonymous

smtp_sasl_tls_security_options = noanonymous

This means USM Appliance enables Simple Authentication and Security Layer (SASL) authentication for SMTP, denying anonymous authentication.

Mail Server Relay Configuration

For simply receiving emails from USM Appliance, you do not need to set up mail server relay. However, if your company has a dedicated mail server that you want to keep using, you can configure USM Appliance to route emails through your corporate mail program. To prevent such messages from going to your junk mail or spam folder, you can add USM Appliance as a safe sender for Office 365 or add it to the email allowlist for Gmail.

You perform this task on either a USM Appliance All-in-One or a USM Appliance Server.

To configure mail server relay on USM Appliance

  1. Log in to the USM Appliance web UI, and then go to Configuration > Deployment.
  2. Under LevelBlue Components Information, click the system details icon of the system you want to change.
  3. On the next page, click General Configuration, located above the System Status.
  4. In the General Configuration form, select Yes for Mail Server Relay.

    This expands the form to disclose new fields.

  5. Enter the Server IP, the username and password used for the mail server, and the port number in the respective fields.

    Note: The Server IP field accepts valid IP addresses or server names.

  6. Click Apply Changes.
  7. (Optional) If you want to change the sender's email address (default is no-reply@alienvault.com), go to Configuration > Administration > Main.
  8. Extend USM Framework and update Sender's Email Address for Notification.

    Note: USM Appliance uses this email address to send notifications in the following occasions:

    • A report is distributed via email.
    • USM Appliance informs you about open tickets.
    • USM Appliance creates a ticket based on a vulnerability it discovers.
    • A comment has been added to or modified in an existing ticket.
  9. Click Update Configuration to apply the changes.