Applies to Product: | USM Appliance™ | LevelBlue OSSIM® |
You can configure USM Appliance to send you emails. For example, if you want to receive an email when an alarm appears, you can create a policy that sends it. For details, see Tutorial: Create a Policy to Send Emails Triggered by Events. But first, you need to configure mail relay in USM Appliance.
USM Appliance uses Postfix, an open-source mail transfer agent (MTA), as its Simple Mail Transfer Protocol (SMTP) server for outgoing messages.
Protocol | Port Number | Notes |
---|---|---|
SMTP | 25 | This is the port number assigned to SMTP and used for mail server relay. Note that most Internet service providers (ISPs) block this port to curb the amount of spam they receive. |
TLS (Transport Layer Security) | 587 | This is the default port number that USM Appliance uses to send outgoing messages. The connection is encrypted by executing the STARTTLS command. |
USM Appliance also enables the following properties from Postfix:
```
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
```
This means USM Appliance enables Simple Authentication and Security Layer (SASL) authentication for SMTP, denying anonymous authentication.
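A pre-flight check for a relay before you enter it in the form, as an added example that is not part of the USM Appliance documentation or product code. Because only `noanonymous` is set, Postfix accepts plaintext mechanisms such as PLAIN and LOGIN, so the check flags relays where credentials would travel without STARTTLS. The finding names, function names and `example.test` replies are constructed for illustration.

```python
import smtplib
import ssl

PLAINTEXT = {"PLAIN", "LOGIN"}  # mechanisms that send the password unhashed

def parse_ehlo(reply):
    """Parse a raw multi-line EHLO reply into {KEYWORD: [PARAMS]}."""
    feats = {}
    for line in reply.splitlines()[1:]:  # line 0 is the server greeting
        if line[:3] != "250" or len(line) < 5:
            continue
        words = line[4:].upper().replace("=", " ").split()  # "AUTH=LOGIN" form
        if words:
            feats.setdefault(words[0], []).extend(words[1:])
    return feats

def assess(pre, post, needs_auth=True):
    """Findings from the features seen before (pre) and after (post) STARTTLS."""
    findings = []
    tls = "STARTTLS" in pre
    if not tls:
        findings.append("no-starttls")  # session would stay unencrypted
        if needs_auth and PLAINTEXT & set(pre.get("AUTH", [])):
            findings.append("plaintext-auth-without-tls")
    # noanonymous: ANONYMOUS is never usable, so it does not count as offered
    offered = set((post if tls else pre).get("AUTH", [])) - {"ANONYMOUS"}
    if needs_auth and not offered:
        findings.append("no-usable-sasl-mechanism")
    return findings

def probe(host, port=587, needs_auth=True, timeout=10):
    """Live check; the certificate is verified against the system trust store."""
    norm = lambda f: {k.upper(): v.upper().split() for k, v in f.items()}
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        pre, post = norm(s.esmtp_features), {}
        if "STARTTLS" in pre:
            s.starttls(context=ssl.create_default_context())
            s.ehlo()  # features must be re-read inside the TLS session
            post = norm(s.esmtp_features)
    return assess(pre, post, needs_auth)

# Constructed sample replies (not captured from a real server).
SUBMISSION_PRE = "250-relay.example.test\r\n250-SIZE 35882577\r\n250 STARTTLS"
SUBMISSION_POST = "250-relay.example.test\r\n250-AUTH LOGIN PLAIN XOAUTH2\r\n250 SIZE 35882577"
LEGACY_25 = "250-mx.example.test\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME"
```

Call `probe("<your relay>", 587)` from a host with the same network path as the appliance; pass `needs_auth=False` for a relay configured with blank credentials.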
Mail Server Relay Configuration
To simply receive emails from USM Appliance, you do not need to set up mail server relay. However, if your company has a dedicated mail server that you want to keep using, you can configure USM Appliance to route emails through your corporate mail program. To prevent such messages from going to your junk mail or spam folder, you can add USM Appliance as a safe sender for Office 365 or add it to the email allowlist for Gmail.
You perform this task on either a USM Appliance All-in-One or a USM Appliance Server.
To configure mail server relay on USM Appliance
- Log in to the USM Appliance web UI, and then go to Configuration > Deployment.
- Under LevelBlue Components Information, click the icon of the system you want to change.
- On the next page, click General Configuration, located above the System Status.
- In the General Configuration form, select Yes for Mail Server Relay. This expands the form to disclose new fields.
- Enter the Server IP, the username and password used for the mail server, and the port number in the respective fields.

  Note: The Server IP field accepts valid IP addresses or server names.

  For Gmail:
  - Server IP: smtp.gmail.com
  - User: <your user>@gmail.com or <your user>@<your domain>.tld if <your domain>.tld is managed by Google Professional Services
  - Pass/Confirm Pass: <your password>
  - Port: 587

  For Office 365:

  Note: If your Office 365 admin has set up two-step verification for your organization, you may need to create an app password allowing USM Appliance to access your Office 365 account.
  - Server IP: smtp.office365.com
  - User: <your user>
  - Pass/Confirm Pass: <your password>
  - Port: 587

  For Exchange Server 2013:

  Important: Before continuing, follow the steps in How to Configure a Relay Connector in Exchange Server 2013 to allow SMTP relay through the Front End Transport service.
  - Server IP: <your Exchange Server 2013 IP address>
  - User: (leave it blank)
  - Pass/Confirm Pass: (leave it blank)
  - Port: 25 (default)
- Click Apply Changes.
- (Optional) If you want to change the sender's email address (default is no-reply@alienvault.com), go to Configuration > Administration > Main.
- Extend USM Framework and update Sender's Email Address for Notification.

  Note: USM Appliance uses this email address to send notifications on the following occasions:
  - A report is distributed via email.
  - USM Appliance informs you about open tickets.
  - USM Appliance creates a ticket based on a vulnerability it discovers.
  - A comment has been added to or modified in an existing ticket.
- Click Update Configuration to apply the changes.