Configure Mail Relay in USM Appliance

Applies to Product: USM Appliance™, AlienVault OSSIM®

You can configure USM Appliance to send you emails, for example, when an alarm appears or a report finishes running. USM Appliance uses Postfix, an open-source mail transfer agent (MTA), as its SMTP (Simple Mail Transfer Protocol) server for outgoing messages.

USM Appliance SMTP Server Default Settings

| Protocol | Port Number | Notes |
|---|---|---|
| SMTP | 25 | This is the port number assigned to SMTP and used for mail server relay. Note that most Internet service providers (ISPs) block this port to curb the amount of spam they receive. |
| TLS (Transport Layer Security) | 587 | This is the default port number that USM Appliance uses to send outgoing messages. The connection is encrypted by executing the STARTTLS command. |
| SSL (Secure Sockets Layer) | 465 | The Internet Assigned Numbers Authority originally registered 465 for SMTPS (Simple Mail Transfer Protocol Secure), a deprecated method for securing SMTP. Port 465 is now registered for SSM (Source-Specific Multicast), but ISPs maintain port 465 because some legacy systems do not support STARTTLS. Therefore, USM Appliance supports SSL connection through port 465. |

USM Appliance also enables the following properties from Postfix:

smtp_sasl_auth_enable = yes

smtp_sasl_security_options = noanonymous

smtp_sasl_tls_security_options = noanonymous

This means USM Appliance enables SASL (Simple Authentication and Security Layer) authentication for SMTP and denies anonymous authentication.
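The following added example (not AlienVault's or Postfix's own code) audits the text of a Postfix main.cf for the three properties listed above and checks whether TLS is enforced on the relay port. The relayhost, smtp_tls_security_level and smtp_tls_wrappermode checks use standard Postfix parameters that this page does not list, and the sample configuration is constructed.

```python
import re

# The three Postfix properties this page lists, with the token each must contain.
PAGE_SETTINGS = {"smtp_sasl_auth_enable": "yes",
                 "smtp_sasl_security_options": "noanonymous",
                 "smtp_sasl_tls_security_options": "noanonymous"}
# Standard Postfix levels at which delivery is refused unless TLS is negotiated.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}
# Constructed sample configuration, not taken from a real appliance.
SAMPLE_MAIN_CF = """\
relayhost = [smtp.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options =
    noanonymous
smtp_tls_security_level = may
"""

def parse_main_cf(text):
    """Parse main.cf text: 'name = value', '#' comments, indented continuations."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:  # indented line continues the previous value
            params[last] = (params[last] + " " + line.strip()).strip()
        elif "=" in line:
            name, _, value = line.partition("=")
            last = name.strip()
            params[last] = value.strip()  # a later assignment overrides an earlier one
    return params

def relay_port(relayhost):
    """Numeric port from 'host:port' or '[host]:port'; 25 when none is given."""
    m = re.search(r":(\d+)$", relayhost.strip())
    return int(m.group(1)) if m else 25

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    p, findings = parse_main_cf(text), []
    for name, token in PAGE_SETTINGS.items():
        if token not in re.split(r"[,\s]+", p.get(name, "").lower()):
            findings.append(f"{name}: '{token}' is not set in this file")
    port = relay_port(p.get("relayhost", ""))
    sasl_on = p.get("smtp_sasl_auth_enable", "").lower() == "yes"
    if sasl_on and p.get("smtp_tls_security_level", "").lower() not in MANDATORY_TLS:
        findings.append(f"port {port}: TLS is not required; SASL credentials may be sent unencrypted")
    if port == 465 and p.get("smtp_tls_wrappermode", "no").lower() != "yes":
        findings.append("port 465: smtp_tls_wrappermode is not 'yes' (implicit TLS expected)")
    return findings
```

Calling `audit(SAMPLE_MAIN_CF)` returns one finding, because `smtp_tls_security_level = may` lets Postfix fall back to a cleartext session in which `noanonymous` alone still permits plaintext SASL mechanisms.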

Mail Server Relay Configuration

To simply receive emails from USM Appliance, you do not need to set up mail server relay. However, if your company has a dedicated mail server that you want to keep using, you can configure USM Appliance to route emails through your corporate mail program. To prevent such messages from going to your junk mail or spam folder, you can add USM Appliance as a safe sender for Office 365 or add it to the email whitelist for Gmail.

You perform this task on either a USM Appliance All-in-One or a USM Appliance Server.

To configure mail server relay on USM Appliance

  1. Log in to the USM Appliance web UI, and then go to Configuration > Deployment.
  2. Under AlienVault Components Information, click the System Details icon of the system you want to change.
  3. On the next page, click General Configuration, located top-right above the System Status.
  4. In the General Configuration form, select Yes for Mail Server Relay.

    This expands the form to disclose new fields.

  5. Type the Server IP, the username and password used for the mail server, and the port number in the respective fields.

    Note: The Server IP field accepts valid IP addresses or server names.

    For Gmail:

    • Server IP: smtp.gmail.com
    • User: <your user>@gmail.com or <your user>@<your domain>.tld if <your domain>.tld is managed by Google Professional Services
    • Pass/Confirm Pass: <your password>
    • Port: 587

    For Office 365:

    Note: If your Office 365 admin has set up two-step verification for your organization, you may need to create an app password allowing USM Appliance to access your Office 365 account.

    • Server IP: smtp.office365.com
    • User: <your user>
    • Pass/Confirm Pass: <your password>
    • Port: 587

    For Exchange Server 2013:

    Important: Before continuing, follow the steps in How to Configure a Relay Connector in Exchange Server 2013 to allow SMTP relay through the Frontend Transport service.

    • Server IP: <your Exchange Server 2013 IP address>
    • User: (leave it blank)
    • Pass/Confirm Pass: (leave it blank)
    • Port: 25 (default)
  6. Click Apply Changes.