- Splunk Answers
- :
- Using Splunk
- :
- Reporting
- :
- Why am I getting error "Connection refused while s...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why am I getting error "Connection refused while sending mail to: user@domain.com" using the sendemail command in a search?
I'm running the following search in order to test my email settings (I've obfuscated the email address)
- | top 5 host | sendemail to="user@domain.com"
and I'm getting this error:
command="sendemail", [Errno 111] Connection refused while sending mail to: user@domain.com
Is there a log that has more details, or a more verbose response? The email config and credentials are being used elsewhere to send mail successfully.
Thanks,
Todd
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi toddles666
this means that the sendemail script was not able to use your mailserver. The sendemail script uses by default localhost as mailserver (set by argument server= ). This can have multiple reasons like firewall blocking or mail server refusing to accept your request or no email process/server running on localhost. Check with your network/mailserver admin.
hope this helps ...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is your splunk instance is in the cloud? because emails goes from one server to anothers you will not be able to send emails until your splunk instance is hosted.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A little more detail: The Splunk server is hosted on an AWS EC2 instance. I want to use the AWS Simple Email Service (that is successfully being used elsewhere in my VPC) to send email. The "Mail Server Settings" in the Splunk config has been configured with the AWS SES host, port, and credentials. These settings are correct as I can send email using the email host, port, and credentials from a shell session on the instance hosting the Splunk server. So:
- Config and credentials seem to be correct
- Firewall / Security Groups do not seem to be an issue
Is there any way I can further test or get better logging from Splunk itself?
Thanks,
Todd
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you sure that your query is correct? Complete it as follows and let me know the result.
| sendemail to=user@mydomain.com format=html server=my.server.net from=Splunk.Alert@mydomain.com sendresults=true subject="search email test" message=search_results
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
are u doing this went you are connected locally because you needn to connected through internet to able to send mail
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
