Hi everybody,
I am trying to send an e-mail to an Outlook account every time a port scan attack is detected by psad.
Currently it detects the attacks, but it is unable to send an e-mail to an email account using a free Outlook account.
When trying to use the "mail" command from postfix in the terminal as follows, it works perfectly:
echo New Attempt 9 | mail -s "Test Email Log" goalEmail@domain.term -r sourceEmail@outlook.com -a "FROM:sourceEmail@outlook.com"
Nonetheless, when postfix detects an attack, the action of sending the mail fails because it tries to send it from root@localhost instead of the specified email.
In order to specify the source e-mail, I tried to change the psad.conf file in /etc/psad as follows, as I couldn't find any variable to set the "from" email account.
EMAIL_ADDRESSES root@localhost, goalEmail@domain.term;
mailCmd /usr/bin/mail -r sourceEmail@outlook.com -a "FROM:sourceEmail@outlook.com" ;
*Note the redundancy, in order to ensure that the parameter does not get overwritten.
The problem is that the command parameters -r and -a are not used when psad calls the mail command, as seen in the error message below from /var/log/mail.log:
Oct 18 17:04:30 rootusername postfix/smtp[247048]: D345C1271DB: to=<goalemail@domain.term>, relay=smtp.outlook.com[52.98.151.226]:587, delay=1.8, delays=0.04/0.03/1.4/0.37, dsn=5.2.252, status=bounced (host smtp.outlook.com[52.98.151.226] said: 554 5.2.252 SendAsDenied; fromemail@outlook.com not allowed to send as root@localhost; STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to process message due to a permanent exception with message [BeginDiagnosticData]Cannot submit message.
I understand from it that I cannot use the user root@localhost for sending emails through outlook and therefore the mail account set up within postfix or the email "from" specified in the configuration file of psad is unseen by the program.
I wonder what I can do in order to use the outlook account with psad, as a source account, which is already configured in the system within postfix.
Furthermore, as a workaround, I have tried to send the alert using an external script, which works as planned when called in a terminal, but psad does not trigger it when detecting an attack.
In order to set the external script, I have changed the following variables in the psad.conf file:
Does somebody know why the script does not run when the attack triggers an alert? The attacks are detected because I receive an email alert to the root mail in /var/mail/root_user.
For more possibly useful information, I copy here the results of two commands:
root@username:/etc/psad# psad -S
[-] psad: pid file /var/run/psad/psadwatchd.pid does not exist for psadwatchd on HOSTNAME
[+] psad_fw_read (pid: 245065) %CPU: 0.0 %MEM: 0.1
Running since: Tue Oct 18 16:36:56 2022
[+] psad (pid: 245064) %CPU: 0.0 %MEM: 0.1
Running since: Tue Oct 18 16:36:56 2022
Command line arguments: [none specified]
Alert email address(es): root@localhost goalEmail@domain.term
[+] Version: psad v2.4.3
[+] Top 50 signature matches:
[NONE]
[+] Top 25 attackers:
ZZZ.AAA.0.XXX DL: 2, Packets: 20, Sig count: 0
[+] Top 20 scanned ports:
tcp 443 4 packets
tcp 25 4 packets
tcp 587 4 packets
tcp 53 4 packets
tcp 80 4 packets
udp 68 1 packets
udp 67 1 packets
[+] iptables log prefix counters:
[NONE]
Total protocol packet counters:
tcp: 20 pkts
udp: 2 pkts
[+] IP Status Detail:
SRC: ZZZ.AAA.0.XXX , DL: 2, Dsts: 1, Pkts: 20, Total protocols: 1, Unique sigs: 0, Email alerts: 3
DST: ZZZ.AAA.0.XXB
Scanned ports: TCP 25-587, Pkts: 20, Chain: INPUT, Intf: enp3s0
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp3s0
Total scan sources: 1
Total scan destinations: 1
[+] These results are available in: /var/log/psad/status.out
And:
root@username:/etc/psad# psad -H
[-] psadwatchd daemon not running.
[+] HUP signal sent to psad (pid: 245064)
I see that the daemon is not running; as specified in the config file by the option below, it is not needed, so I guess that is not a problem.
ENABLE_PSADWATCHD N;
I would also like to ask about the line:
[-] psad: pid file /var/run/psad/psadwatchd.pid does not exist for psadwatchd on HOSTNAME
Is it an error/problem, or is it fine if I am not running the psadwatchd daemon?
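One way to get past the 554 5.2.252 SendAsDenied bounce without relying on psad passing -r/-a to mail is to let Postfix itself rewrite the local sender on outbound SMTP with a generic map. This is an added example, not from this thread or the psad project; it assumes the relay to smtp.outlook.com:587 (visible as working in the bounce above) is already configured, and HOSTNAME plus the two addresses are placeholders.

```text
# --- /etc/postfix/main.cf (lines to add) ---
# generic(5) rewrites the envelope sender AND the From: header of every
# message that leaves this host through the smtp client, so mail psad hands
# to local delivery as root@localhost is submitted as the Outlook mailbox,
# which is the identity the relay is authenticated as.
smtp_generic_maps = hash:/etc/postfix/generic

# --- /etc/postfix/generic (lookup table; '#' only starts a comment at line start) ---
# left column: sender as seen locally, right column: address the relay accepts
root@localhost        sourceEmail@outlook.com
# HOSTNAME is a placeholder; use the output of `hostname -f`
root@HOSTNAME         sourceEmail@outlook.com
# catch-all so other local daemons (cron, logwatch, ...) are rewritten too
@localhost            sourceEmail@outlook.com
@HOSTNAME             sourceEmail@outlook.com

# --- commands to apply and verify (run as root) ---
#   postmap /etc/postfix/generic        # build generic.db for the hash: table
#   postfix reload
#   echo "rewrite test" | mail -s "psad test" goalEmail@domain.term
#   grep -E 'status=(sent|bounced)' /var/log/mail.log | tail -n 1
# Expected: status=sent; a remaining "not allowed to send as" bounce means
# the sender address psad produced is not matched by one of the rows above,
# so take the exact from= value out of mail.log and add it as a new row.
```

The map applies to all mail leaving via SMTP, not only psad alerts, so the catch-all rows are optional if other senders on the host must keep their own addresses.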