Configure Wazuh to send alerts when an alert is triggered.


Create an AWS IAM user with the following permissions.

  "Version": "2012-10-17",
  "Statement": [
      "Effect": "Allow",
      "Action": "ses:SendRawEmail",
      "Resource": "*"

Generate the SMTP Password

AWS doc

import hmac
import hashlib
import base64
import argparse

    'us-east-2',       # US East (Ohio)
    'us-east-1',       # US East (N. Virginia)
    'us-west-2',       # US West (Oregon)
    'ap-south-1',      # Asia Pacific (Mumbai)
    'ap-northeast-2',  # Asia Pacific (Seoul)
    'ap-southeast-1',  # Asia Pacific (Singapore)
    'ap-southeast-2',  # Asia Pacific (Sydney)
    'ap-northeast-1',  # Asia Pacific (Tokyo)
    'ca-central-1',    # Canada (Central)
    'eu-central-1',    # Europe (Frankfurt)
    'eu-west-1',       # Europe (Ireland)
    'eu-west-2',       # Europe (London)
    'sa-east-1',       # South America (Sao Paulo)
    'us-gov-west-1',   # AWS GovCloud (US)

# These values are required to calculate the signature. Do not change them.
DATE = "11111111"
SERVICE = "ses"
MESSAGE = "SendRawEmail"
TERMINAL = "aws4_request"
VERSION = 0x04

def sign(key, msg):
    return, msg.encode('utf-8'), hashlib.sha256).digest()

def calculate_key(secret_access_key, region):
    if region not in SMTP_REGIONS:
        raise ValueError(f"The {region} Region doesn't have an SMTP endpoint.")

    signature = sign(("AWS4" + secret_access_key).encode('utf-8'), DATE)
    signature = sign(signature, region)
    signature = sign(signature, SERVICE)
    signature = sign(signature, TERMINAL)
    signature = sign(signature, MESSAGE)
    signature_and_version = bytes([VERSION]) + signature
    smtp_password = base64.b64encode(signature_and_version)
    return smtp_password.decode('utf-8')

def main():
    parser = argparse.ArgumentParser(
        description='Convert a Secret Access Key to an SMTP password.')
        'secret', help='The Secret Access Key to convert.')
        help='The AWS Region where the SMTP password will be used.',
    args = parser.parse_args()
    print(calculate_key(args.secret, args.region))

if __name__ == '__main__':
python3 path/to/ AWS_SECRET_KEY REGION

Update the IAM key for postfix

AWS Documentation

Update the file /etc/postfix/sasl_passwd with

postmap hash:/etc/postfix/sasl_passwd

systemctl restart postfix

Verify Functionality

Send a test email for validate functionality

sendmail -f < /root/ses.test