Highlighted
ArcSight Newbie
Frequent Contributor.. ArcSight Newbie Frequent Contributor..
Frequent Contributor..
‎2019-06-07 12:26
143 views

SMTP port other than TCP 25 on ArcSight Logger and ESM or ArcMC

Jump to solution

Hi,

I have new SMTP server which uses port TCP 587 but after i have tested something on Logger, it's not successful yet

 

This is what i tested

Logger - 6.5.1

I tried to configure it on System Admin and Reports tab but it 

on System Admin -> System -> SMTP, i couldn't put xxx.xxx.xxx.xxx:587 in a Primary SMTP Server nor Backup SMTP Server

 

on Reports -> Administration -> Report Configuration, i could put xxx.xxx.xxx.xxx:587 on SMTP Server but however, i got the error 35015 while trying to send a report out 

 

"Couldn't e-mail report due to one of the following reasons:- Error in connecting to mail server- Email size too large- Invalid SMTP credentials"

 

As i saw Invalid SMTP credentials, does it mean that i have to configure the authentication username/password somewhere on of Logger? and which file and syntax should i put into?

 

ArcMC 2.7.0

For ArcMC, i have tried to configure it on Administration -> System -> SMTP  but couldn't put a specific port into it either

 

ESM 6.11.0

I have not tried it yet but If anyone knows how to do it, please let me know

 

 

 

0 Likes
Reply
1 Solution

Accepted Solutions
Ionut Daniel Mosoiu
Knowledge Partner
Knowledge Partner
‎2019-06-07 15:21

Re: SMTP port other than TCP 25 on ArcSight Logger and ESM or ArcMC

Jump to solution

Hello,

 

from the ESM perspective, because I have experience with this product, is using only two ports to send SMTP notification:

- TLS 995 default configuration starting with ESM 6.9.1;

- port 25 if adding the following line into server.properties. " email.tls.desired=false" .

At this moment configuring the external SMTP server, it allows you to introduce only the address/hostname and not the port. 

Since you cannot configure the port for the SMTP you can play with the following workarounds like :

- install an SMTP relay on the same server where ArcSight ESM it's installed, configure the ESM solution to send the notification on local port 25 and from the SMTP relay, you can configure the destination port. 

- playing with iptables rules installed on ESM Linux box to forward the request that comes on 25 / 995 to other destination ports.

 

Best Regards, 

 

Daniel

 

Reply
2 Replies
Ionut Daniel Mosoiu
Knowledge Partner
Knowledge Partner
‎2019-06-07 15:21

Re: SMTP port other than TCP 25 on ArcSight Logger and ESM or ArcMC

Jump to solution

Hello,

 

from the ESM perspective, because I have experience with this product, is using only two ports to send SMTP notification:

- TLS 995 default configuration starting with ESM 6.9.1;

- port 25 if adding the following line into server.properties. " email.tls.desired=false" .

At this moment configuring the external SMTP server, it allows you to introduce only the address/hostname and not the port. 

Since you cannot configure the port for the SMTP you can play with the following workarounds like :

- install an SMTP relay on the same server where ArcSight ESM it's installed, configure the ESM solution to send the notification on local port 25 and from the SMTP relay, you can configure the destination port. 

- playing with iptables rules installed on ESM Linux box to forward the request that comes on 25 / 995 to other destination ports.

 

Best Regards, 

 

Daniel

 

Reply
ArcSight Newbie
Frequent Contributor.. ArcSight Newbie Frequent Contributor..
Frequent Contributor..
‎2019-06-11 10:26

Re: SMTP port other than TCP 25 on ArcSight Logger and ESM or ArcMC

Jump to solution

Thank you Daniel. I will try those workarounds

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.