Hi
Email alert won’t send from splunk
Here is the log:
2020-01-16 21:04:53,865 +0330 ERROR sendemail:392 - No suitable authentication method found. while sending mail to: admin@net.net
2020-01-16 21:04:53,865 +0330 ERROR sendemail:127 - Sending email. subject="Splunk Alert: Alert", results_link="***", recipients="[u'admin@net.net']", server="192.168.1.1"
2020-01-16 21:04:53,867 +0330 ERROR sendemail:392 - No suitable authentication method found. while sending mail to: admin@net.net
Here is the config:
Any recommendation?
Thanks,
as suggested by @rigoreatigax you need to ask mail server admin to modify or disable the SMTP authentication for your splunk server IP address. You can also download swaks (https://www.jetmore.org/john/code/swaks/) and find out the right TLS/SSL port and auth settings.
I have several applications like Jira that use this mail server, and work correctly.
I only enter ip&port + user&pass in those applications and they send notifications.
Click Settings > Server settings > Server logging and change "EmailSender" log channel to DEBUG.
Then trigger an alert and check splunkd.log.
Capture the smtp traffic on the splunk host and jira with "tcpdump -pnns0 -i any host 192.168.1.xx and port 465 -w /tmp/smtp.pcap" and compare them using Wireshark. This will not help if all the communication is encrypted with SSL/TLS/STARTTLS.
Also ask mail server admin for assistance - he can see the exact reason in the mail server log
Interesting point is when i try to change server from ip to name, in log file still try to connect ip!
It seems server configuration freeze!
I try to restart splunkd but problem still remain.
Any recommendation?
Done, problem still remain.
Interesting point is when i try to change server from ip to name, in log file still try to connect ip!
It seems server configuration freeze!
I try to restart splunkd but problem still remain.
Any recommendation?
How can I disable it?
There is no port restriction.