Introduction

The internal_sendmail is an internal Check Point command (built-in into FWD daemon) that directs the Check Point Alerts Daemon on the Security Management Server / Domain Management Server to send an e-mail, using the specified arguments. It does not require a mail server or mail client to be installed on the Security Management Server / Multi-Domain Security Management Server.

Notes:

• The FWD daemon on the Security Management Server / Domain Management Server will send an e-mail to the defined SMTP Server.
• Mail Alerts may not work even after configuring as per this sk. To receive mail alert you need to have an SMTP server configured with "Mail Relay" and "No Authentication". 
• When choosing logging actions in rules, or other Security Gateway logging properties, set the action to correspond to the alert you defined in the 'Global Properties' > 'Log and Alert' > 'Alerts' screen.

 

Procedure

1. Go to Alerts settings in Global Properties:

   • In SmartDashboard R7X, go to Policy menu - click on Global Properties - expand Log and Alert - click on Alerts.
   • In SmartConsole R8X, go to Application menu - click on Global Properties - expand Log and Alert - click on Alerts.
     
     
   
    
   

1. (Optional) Select the checkbox "Send mail alert to SmartView Monitor"(when a mail alert is issued, it is also sent to SmartView Monitor). 

1. Select the checkbox "Run mail alert script" and use the following syntax:
   
   internal_sendmail -s "SUBJECT" -t IP_ADDRESS_of_SMTP_SERVER -f SENDER_E-MAIL@DOMAIN RECIPIENT1_E-MAIL@DOMAIN RECIPIENT2_E-MAIL@DOMAIN ...
   
   Note: The e-mail subject must always be enclosed within quotation marks. Multiple recipients must be separated by a space character.
   
   Example with sender mail:
   internal_sendmail -s "MySubject" -t 192.168.20.30 -f sender@example.com recepient1@example.com recepient2@example.com
   
   Example without sender mail:
   internal_sendmail -s "MySubject" -t 192.168.20.30 recepient1@example.com recepient2@example.com
   

1. In the Rule Base, define a rule that will generate an alert - in the "Track" column, select Mail.
2. Install the Security Policy.

 

 

 

 

Sample log entry that you will find in the body of the e-mail message:

 

27Jul2011 12:37:06 drop Labfw02 >eth2 useralert rule: 5; rule_uid: {D80B94DC-N325-4866-B67E-99NAZ5F41160}; SmartDefense profile: No Protection; ICMP: Echo Request; src: NS_192.168.30.44; dst: NS_LabSRVa; proto: icmp; ICMP Type: 8; ICMP Code: 0; product: VPN-1 & FireWall-1;

 

Related Solutions:

• sk38929 - How to configure mail alerts for policy installation
• sk81740 - How to configure a cluster to send Mail Alert upon failover
• sk86131 - How to configure Mail Alerts for Endpoint events received on Endpoint Security Server E80.30 and above
• sk86162 - Email Alerts are not sent for Anti-Bot & Anti-Virus Blade rules
• sk56701 - 'internal_sendmail' command does not work as expected when configured in 'Run UserDefined script' fields in SmartDashboard 'Global Properties'