Article Number
000001122
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.6.x and 11.x
Platform: CentOS
O/S Version: 6 and 7
Issue
SA server fails to send any notification email even after configuring Global Notification with the correct SMTP setting.
Mail server is configured to accept only FQDN but monitoring the packets with tcpdump shows that SA server sends hostname instead of FQDN in EHLO response as shown below.
E.g. TestServer is shown instead of TestServer.test.local
05:34:23.842234 IP x.x.x.x.42635 > 10.106.48.137.25: Flags [P.], seq 1:18, ack 115, win 115, length 17
0x0000: 4500 0039 4f50 4000 4006 86b2 0a3e 1f8c E..9OP@.@....>..
0x0010: 0a6a 3089 a68b 0019 ae27 17d8 25d5 592a .j0......'..%.Y*
0x0020: 5018 0073 64e8 0000 4548 4c4f 2011 512a P..sd...EHLO.Test
0x0030: 4733 5121 2312 420d 0a Server..
Resolution
By default, postfix uses the hostname of the SA server in EHLO response.
In order to resolve the issue, follow the
user guide to change the hostname of the SA server to FQDN.
--Version 10.x
After following the User Guide to change the hostname,
please modify /etc/puppet/csr_attributes.yaml on the SA server to update the hostname with FQDN and reboot the SA server host.If on version
11.x please contact support for assistance with changing the hostname.