Why am I getting error "Connection refused while sending mail to: user@domain.com" using the sendemail command in a search?

toddles666
New Member

I'm running the following search in order to test my email settings (I've obfuscated the email address)

and I'm getting this error:

command="sendemail", [Errno 111] Connection refused while sending mail to: user@domain.com

Is there a log that has more details, or a more verbose response? The email config and credentials are being used elsewhere to send mail successfully.

Thanks,
Todd

0 Karma

juvetm
Communicator

Hi toddles666

This means that the sendemail script was not able to use your mail server. By default, the sendemail script uses localhost as the mail server (set by the argument server=). This can have multiple causes, such as a firewall blocking the connection, the mail server refusing to accept your request, or no email process/server running on localhost. Check with your network/mail server admin.

hope this helps ...

0 Karma
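
An added example, not part of any post in this thread: a standalone Python probe showing what "[Errno 111] Connection refused" means at the socket level, namely that the TCP connection was rejected before any SMTP greeting or credentials were exchanged. The function name `probe_smtp`, port 25 for localhost, and the host `smtp.example.invalid` are assumptions or placeholders; run it on the Splunk host against the server and port the search is expected to use.

```python
import socket

def probe_smtp(host, port, timeout=5.0):
    """Open a TCP connection to host:port and classify the outcome.

    Returns (status, detail) where status is one of: dns_failure, refused,
    timeout, unreachable, no_banner, not_smtp, smtp_ok.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns_failure", f"cannot resolve {host}: {exc}"
    except ConnectionRefusedError as exc:
        # ECONNREFUSED (111 on Linux): the attempt was actively rejected,
        # usually because nothing listens there. No SMTP or auth took place.
        return "refused", f"errno {exc.errno}: refused by {host}:{port}"
    except socket.timeout:
        # Packets silently dropped, typical of a filtering firewall rule.
        return "timeout", f"no reply from {host}:{port} within {timeout}s"
    except OSError as exc:
        return "unreachable", f"errno {exc.errno}: {exc.strerror}"
    with sock:
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            # Connected but silent: e.g. an implicit-TLS port waiting for a
            # TLS handshake before it will speak SMTP.
            return "no_banner", f"{host}:{port} accepted but sent no greeting"
        except OSError as exc:
            return "not_smtp", f"connection dropped: {exc}"
    if banner.startswith("220"):
        return "smtp_ok", banner
    return "not_smtp", banner or "connection closed without a greeting"

if __name__ == "__main__":
    # Constructed targets: localhost is the default server named in the
    # answer above (port 25 assumed); the second entry is a placeholder
    # for the real mail relay and its submission port.
    for host, port in [("localhost", 25), ("smtp.example.invalid", 587)]:
        status, detail = probe_smtp(host, port)
        print(f"{host}:{port:<5} {status:<12} {detail}")
```

A `refused` result for localhost alongside `smtp_ok` for the real relay indicates the failing client is connecting to the wrong endpoint, not that the credentials are wrong.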

stephanefotso
Motivator

Is your Splunk instance in the cloud? Because emails go from one server to another, you will not be able to send emails until your Splunk instance is hosted.
Thanks

SGF
0 Karma

toddles666
New Member

A little more detail: The Splunk server is hosted on an AWS EC2 instance. I want to use the AWS Simple Email Service (that is successfully being used elsewhere in my VPC) to send email. The "Mail Server Settings" in the Splunk config has been configured with the AWS SES host, port, and credentials. These settings are correct as I can send email using the email host, port, and credentials from a shell session on the instance hosting the Splunk server. So:

  • Config and credentials seem to be correct
  • Firewall / Security Groups do not seem to be an issue

Is there any way I can further test or get better logging from Splunk itself?

Thanks,
Todd

0 Karma

stephanefotso
Motivator

Are you sure that your query is correct? Complete it as follows and let me know the result.

| sendemail to=user@mydomain.com format=html server=my.server.net from=Splunk.Alert@mydomain.com sendresults=true subject="search email test" message=search_results 
SGF
0 Karma

juvetm
Communicator

Are you doing this when you are connected locally? Because you need to be connected through the internet to be able to send mail.

0 Karma