IBM Support

QRadar: How can you test email services from QRadar

Question & Answer


Is there a way to test the mail server from QRadar to determine whether it is sending offenses or scheduled report emails?


Sometimes it is not apparent that QRadar is sending emails to the mail server. Offenses are emailed from the Processor that generated the response but reports come from the Console.


There is a way to test if a mail server is sending reports and offenses. This procedure allows you to log in to the mail server and run commands to help you determine whether the mail is working properly.

Procedure to test email services from QRadar:

  1. Connect to the QRadar Console by using SSH.
  2. Telnet to your email server from the QRadar appliance you are sending email to determine if port 25 is open. For reports, the appliance is a Console. For offenses, the appliance is a Console or Processor.
    telnet IP 25
  3. At the email server's command prompt, type the EHLO command by using the name or IP address of the email server that is used by the QRadar appliance.
  4. Type the Mail from line:
  5. Enter the email address that you want the email to be sent to:
    RCPT TO:
  6. Enter the DATA command to begin entering the body of the email:
  7. Enter the body of the email. Type Enter and period . to end and send the email.
    This is a test email
  8. Quit the session.

Result: You should receive the test email from the account that is listed in the RCPT TO field.


[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]

Document Information

Modified date:
30 June 2021