Pandora: Configuration emails alerts

From Pandora FMS Wiki
Revision as of 13:06, 30 January 2017 by Steve alvey (talk | contribs) (Postfix Setup)
Jump to: navigation, search

1 Quick email setup guide for alerts on Pandora FMS

1.1 Email configuration using a Gmail account

In order to configure Pandora FMS to send alerts via Gmail, Pandora and Postfix must be configured this way:

1.1.1 Pandora Configuration

In order to properly configure your email delivery with a Gmail account, all the fields must have the following comments in the Pandora FMS server configuration file (/etc/pandora/pandora_server.conf) except the mta_address field, which will be configured with the IP server or localhost (where the postfix server is installed).

If Postfix is installed on the same server as Pandora FMS, the configuration in the pandora_server.conf file should look like this:

mta_address localhost 
#mta_port 25
#mta_user [email protected]
#mta_pass mypassword
#mta_auth LOGIN
#mta_from Pandora FMS <[email protected]>

Let's look briefly at how to configure an alert on the Pandora FMS console. Action Setup

To set the mail recipient, use the 'mail action to XXX' so you can add an email recipient to which all the mail alerts will be sent.

GMAIL1.png Alert setup

In this case, the module configuration has been generated in the module configuration> Alerts file, a new alert with the module like the one that can be seen on the screenshot below.


Once the alert is triggered, you can see how the alert reaches the e-mail address assigned to the action:



1.1.2 Postfix Setup

Assuming Postfix is already installed and everything works fine except for sending feedback to gmail, here are the steps to follow:

1-- Edit the /etc/postfix/ configuration file and add the following lines at the end of the file:

relayhost = []:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem

2-- Create the /etc/postfix/sasl/passwd file with your gmail address and password (you must create the “sasl” directory and then create the password file in there).

To create the “sasl” directory:

mkdir /etc/postfix/sasl

To create the password file:

nano /etc/postfix/sasl/passwd

Paste the line below with your own gmail address and password inserted:

[]:587 [email protected]:PASSWORD

Protect the password file accordingly:

chmod 600 /etc/postfix/sasl/passwd

This will allow only root users to access the file.

3-- Transform /etc/postfix/sasl/passwd into a hash type indexed file. This will create a lookup table via postmap:

postmap /etc/postfix/sasl/passwd

Issuing this command will create a passwd.db file in the /etc/postfix/sasl/ directory.

4-- Now to install the Gmail and Equifax certificates. Pre-built Pandora FMS ISOs and VMware virtual images do not have these certificates included by default. If you have the certificates installed, then you can skip this part.

To install the Gmail certificate, follow these steps:

Google’s SSL cert is signed by Equifax – so first we need to fetch that. Move to “tls” directory:

cd /etc/pki/tls/

We need to download the Equifax certificate.

sudo wget -O Equifax_Secure_Certificate_Authority.pem

Add the permissions to the downloaded file:

chmod 644 Equifax_Secure_Certificate_Authority.pem

We also need to request the signature for the certificate:

openssl x509 -in Equifax_Secure_Certificate_Authority.pem -fingerprint -subject -issuer -serial -hash -noout

Next install the Gmail certificate. For this you we need the c_rehash util, so install its package:

yum install openssl-perl

If you don't have this packet in any repositories, follow these additional steps to resolve this problem:

 sudo su
 nano /etc/yum.repos.d/extra_repos.repo
 In the #percona repository I changed the baseurl line to:
 ^O to write the edited file
 ^x to exit
 After returning to root terminal, enter "yum install openssl-perl" and accept the defaults

Next we need to actually acquire the certificate for Gmail. Use OpenSSL to do this:

openssl s_client -connect -showcerts

The output should contain the required lines for the certificate and we need to copy them to /etc/pki/tls/gmail.pem file. In order to do this, create the file:

nano /etc/pki/tls/gmail.pem

and paste these lines into the gmail.pem file:


Next, run the c_rehash util:

cd /etc/pki/tls


c_rehash .

Finally, we can test it using:

openssl s_client -connect -CApath /etc/pki/tls

The important point is to verify the return code:0 (ok), and get the final OK Gpop ready. If you get them you should be able to connect to Gmail.

Now let’s create the Equifax_secure_CA.pem file:

nano /etc/ssl/certs/Equifax_Secure_CA.pem

Paste the following certification lines:


Save and exit.

In order to add the Equifax certificating authority (which certifies emails from Gmail) into the certificate file that Postfix uses, run the following command on a root-enabled console:

cat /etc/ssl/certs/Equifax_Secure_CA.pem > /etc/postfix/cacert.pem

5 - Finally, restart Postfix to apply the changes made:

/etc/init.d/postfix restart

6 - You can verify the performance by opening two consoles. Execute the following command in one console to monitor the behavior of the e-mails:

tail -f /var/log/mail.log

You can send an email through the other one:

echo "Email test" | mail [email protected]

You also may need to change the settings under your gmail account (under the “devices” tab) to receive the e-mail. You can also turn on access for less secure apps and read more about it from here:

If you have done everything correctly, something like this should appear on the other console:

Dec 18 18:33:40 OKComputer postfix/pickup[10945]: 75D4A243BD: uid=0 from=
Dec 18 18:33:40 OKComputer postfix/cleanup[10951]: 75D4A243BD: message-id=
Dec 18 18:33:40 OKComputer postfix/qmgr[10946]: 75D4A243BD: from=, size=403, nrcpt=1 (queue active)
Dec 18 18:33:44 OKComputer postfix/smtp[10953]: 75D4A243BD: [email protected],[]:587, delay=3.7,  delays=0.15/0.14/1.8/1.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1324249500 eb5sm36008464qab.10)
Dec 18 18:33:44 OKComputer postfix/qmgr[10946]: 75D4A243BD: removed

If the result is similar to the above, Pandora is properly configured and linked to the Postfix server, and will send mails as expected.