Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Mail refuses to send to anything other than localhost

atat23
Path Finder
‎09-29-2016 03:32 AM

I am trying to setup an existing instance of Splunk (6.2) to send a scheduled report. In the splunk_python log I am getting:

2016-09-29 11:10:02,417 +0100 ERROR sendemail:356 - [Errno 111] Connection refused while sending mail to: bilbo@theshire.com

2016-09-29 11:10:02,416 +0100 ERROR sendemail:114 - Sending email. subject="Old Toby", results_link="https://splunk:8000/app/hobbits/@go?sid=scheduler__samwise__hobbits__RMD56e9ec5d3df4dd8f4_at_1475143800_7259", recipients="[u'bilbo@theshire.com']", server="localhost"

Issue is the above server value, it should not be localhost, I have changed the email settings to be a local mail server IP and I also tried changing the localhost in sendemail.py script to the IP of the mail server but, according to the log, no matter what I try the automated report is being sent to "localhost".

I've confirmed mail can actually be sent using:

... | sendemail server=10.10.10.10 to=bilbo@theshire.com

And I have successfully received mail without any problems.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

atat23
Path Finder
‎10-04-2016 01:46 AM

I was trying to run this search from a custom app, the report I had setup within the app created a savedsearches.conf and this conf file was automatically populated with default mail settings, so it had the mail server as localhost and the default mail footer, these default values were overriding the custom settings I had setup in server settings > email settings.

View solution in original post

Reply
Solved! Jump to solution
Solution

atat23
Path Finder
‎10-04-2016 01:46 AM

I was trying to run this search from a custom app, the report I had setup within the app created a savedsearches.conf and this conf file was automatically populated with default mail settings, so it had the mail server as localhost and the default mail footer, these default values were overriding the custom settings I had setup in server settings > email settings.

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎09-29-2016 08:55 AM

if you have a smtp relay local, try adding the port : 125.0.0.1:25
in the settings > system >emails, or alert_actions.conf

0 Karma
Reply
Solved! Jump to solution

atat23
Path Finder
‎10-03-2016 05:27 AM

no, there is no smtp relay used or setup

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...