I realize it kinda needs something to report, and since I get no daily mails, yet I have that active, perhaps there is nothing to report, but testing the functionality would be nice.
There isn’t one as there is already a test function in the mail server. If that works then the suricata-reporter should also work as long as you have specified sender and recipient addresses that your specified mail server accepts.
Even if there are no IPS log entries for a daily period the daily report is still sent, it is just empty. I have quite a few of those for my vm system.
That is good, that is what I also used.
I also used the same recipient as in my mail server, and as that test mail sending worked, it was a good starting point.
I would recommend you try the same.
If you still don’t get a daily report, or if you are confident that your recipient address is considered a valid email address for the mail server specified in the Mail Service page, then I would suggest going to the Logs - System Logs - choose Mail in the drop down list and then press the Update button and you will be able to see if there are any error messages in your mail logs.
Look at around 09:00 as currently that is the time the daily, weekly, monthly reports are sent. (In CU199 that will be changed to an earlier time slot.)
Here is what I see in mine for a successful delivery.
09:00:01 dma[5e0731.2fa391e0]: <fred@mail.server.nl> delivery successful
09:00:01 dma[5e0731.2fa391e0]: using SMTP authentication for user freddy
09:00:01 dma[5e0731.2fa391e0]: Server supports LOGIN authentication
09:00:01 dma[5e0731.2fa391e0]: Server does not support STARTTLS
09:00:01 dma[5e0731.2fa391e0]: Server greeting successfully completed
09:00:01 dma[5e0731.2fa391e0]: SSL initialization successful
09:00:01 dma[5e0731.2fa391e0]: Server supports STARTTLS
09:00:01 dma[5e0731.2fa391e0]: Server greeting successfully completed
09:00:01 dma[5e0731.2fa391e0]: trying remote delivery to email.mail.server.nl [192.168.130.82] pref 0
09:00:01 dma[5e0731.2fa391e0]: using smarthost (email.mail.server.nl:587)
09:00:01 dma[5e0731.2fa391e0]: <fred@mail.server.nl> trying delivery
09:00:01 dma[5e0731]: mail to=<fred@mail.server.nl> queued as 5e0731.2fa391e0
09:00:01 dma[5e0731]: new mail from user=root uid=8 envelope_from=<thomas@mail.server.nl>
If no emails are getting received at your mail server then in place of the above log you will have some error messages and those should give a clue as to what step in the sending process is failing.
As you are using a sender address that works for the test mail and WIO is sending emails then the likelihood is that the recipient address is not accepted by your email server.
And now it works.
It seems maybe I was just looking too early after activating it.
No issues AFAIK.
Log entries showed some weird things, but eventually came through.
It seems it drops the domain suffix, but tries again.
09:00:00 dma[14e0421.22f80020]: using SMTP authentication for user security@conram.it
09:00:00 dma[14e050c.27eec530]: remote delivery to prime1.inleed.net [185.189.48.4] failed after RCPT TO: 501 <security@conram.>: domain missing or malformed
09:00:00 dma[14e050c.27eec530]: can not bounce a bounce message, discarding
09:00:00 dma[14e0421.22f80020]: <infra-alert.homered@conram.it> delivery successful
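Both log excerpts in this thread can be checked mechanically by grouping the dma lines on the queue ID in square brackets, which shows whether a failure and a success belong to the same queued message. This is an added example, not part of the original posts and not IPFire code; the function name `summarize` is hypothetical and the sample lines are copied from the excerpts above.

```python
import re
from collections import defaultdict

# Sample input: a subset of the dma lines quoted in this thread.
SAMPLE = """\
09:00:01 dma[5e0731.2fa391e0]: <fred@mail.server.nl> delivery successful
09:00:01 dma[5e0731.2fa391e0]: using SMTP authentication for user freddy
09:00:01 dma[5e0731]: mail to=<fred@mail.server.nl> queued as 5e0731.2fa391e0
09:00:00 dma[14e0421.22f80020]: using SMTP authentication for user security@conram.it
09:00:00 dma[14e050c.27eec530]: remote delivery to prime1.inleed.net [185.189.48.4] failed after RCPT TO: 501 <security@conram.>: domain missing or malformed
09:00:00 dma[14e050c.27eec530]: can not bounce a bounce message, discarding
09:00:00 dma[14e0421.22f80020]: <infra-alert.homered@conram.it> delivery successful
"""

# "HH:MM:SS dma[<queue id>]: <message>" as shown in the Mail log view.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}) dma\[([0-9a-f.]+)\]: (.*)$")
# "... failed after <SMTP step>: <reply code> <server text>"
FAILED = re.compile(r"failed after (.+?): (\d{3}) (.*)$")
DELIVERED = re.compile(r"^<([^>]+)> delivery successful$")


def summarize(log_text):
    """Group dma log lines by queue ID and collect the outcome of each."""
    result = defaultdict(
        lambda: {"delivered": [], "errors": [], "discarded": False}
    )
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a dma line, skip it
        _, qid, msg = m.groups()
        entry = result[qid]
        if (d := DELIVERED.match(msg)):
            entry["delivered"].append(d.group(1))
        elif (f := FAILED.search(msg)):
            # (SMTP step, numeric reply code, text returned by the server)
            entry["errors"].append((f.group(1), int(f.group(2)), f.group(3)))
        elif "discarding" in msg:
            entry["discarded"] = True
    return dict(result)


if __name__ == "__main__":
    for qid, outcome in summarize(SAMPLE).items():
        print(qid, outcome)
```

On these lines the 501 rejection and the discard are recorded under queue ID 14e050c.27eec530, while the successful delivery is recorded under 14e0421.22f80020.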