Al Puzzuoli 0 Posted November 21, 2013 Posted November 21, 2013 Hello, I'm trying to configure the eRA server to send threat notifications via SMTP. I know the SMTP settings I want to use are valid, because I can enter them into the "Other settings" dialog, press the "send test email" button, and almost immediately get a response; However, when I go to notifications manager, select a rule and hit the "test it" button, I never receive a message. I've noticed that for some odd reason, the ERA UI does not offer the option of specifying a default send to address. I set this option under advanced settings using the configuration editor so I assume it is set correctly, but that's the problem. There doesn't seem to be any good way to diagnose the issue. All I know is I'm not getting emails from the ERA unless I send a test message from the settings dialog, and I have no idea how to troubleshoot any further. Any help would be much appreciated, Al
ESET Staff CB530 70 Posted November 21, 2013 ESET Staff Posted November 21, 2013 Hi Al, In part 1, step 4 of our Knowledgebase article on this topic we go over entering the recipient address. Are you setting this field in ERA?
Al Puzzuoli 0 Posted November 22, 2013 Author Posted November 22, 2013 Hello, If I'm understanding things correctly, the article you reference describes how to configure SMTP notifications to be sent via the clients, not the server. The problem I have with this approach is that in my world, there is no longer such a thing as a mail server that doesn't require secure SMTP. Oddly, support for secure SMTP seems to be lacking in Nod32 clients, but available in ERA server. Therefore, it seems to me that the only way I can enable any alerts at all is via ERA server's notification manager, and that's what's not working for me. Am I misunderstanding something here, or is this process more complicated than it needs to be? If only the clients would support SMTPS ...
Al Puzzuoli 0 Posted November 25, 2013 Author Posted November 25, 2013 Any info, anyone? I can't believe I'm the only one trying to do this and having problems? Have others successfully configured not the clients, but the ERA server to send alerts using an SMTP server that requires authentication and SSL? I like to think I'm relatively competent at what I do, and setting a program up to talk to an SMTP server should be trivial. But in this case, the solution is either very unobvious, or it just isn't working. If this is broken, could someone tell me that so I stop wasting my time? If there is a way to do this, is there a KB article anywhere that describes the process? If SMTP isn't the most efficient way to receive alerts, then what alternatives are there? Thanks, Al
jimwillsher 65 Posted November 25, 2013 Posted November 25, 2013 We use notifications from the servers without difficulty. We use it primarily for "new client" notifications - if we see that a client hasn't connected for a few weeks it could be a dead laptop, so we delete it. But it's useful to get notification if the client reconnects. I don't think we use SSL but we do use authentication. We've set up a second listener on our Exchange on a different port and we connect to that. Jim
Solution PatrickL 21 Posted December 3, 2013 Solution Posted December 3, 2013 Al, It would seem from your original post, that I wonder if the notification itself is setup correctly. The notification has to have an aciton to send an email to a spcified address (yes, specified per notificaiton). If that is not set up, then everything you mention is exactly what would happen. Can you please open the notification manager and click on the notification in question and either take a screenshot and PM that to me directly or look at the action line and see if it has email listed in it. If it does not, then please click on edit to the right of it and put a check in the box for email (if its greyed out, then the SMTP settings rae not in place in Tools>Server Options>Other Settings) and fill out the data (email address and subject line). Once complete, save it and test it. Let me know how it goes for you, please. Patrick
Al Puzzuoli 0 Posted December 6, 2013 Author Posted December 6, 2013 Hi Patrick, Thanks! That was exactly the issue. I didn't realize that the notifications were not configured to send email alerts by default, and I thought for sure when I hit the test button, that an email would have been generated regardless. That wasn't the case. Everything is working now. Thanks again, Al
Recommended Posts