I have an SMTP server that is unauthenticated. I have the server IP set up in Splunk Manager. I used this on a test splunk server within the same subnet (windows 2003 32 bit box) just fine.
However, my production box is not emailing (64 bit Win 2008 server - firewall opened for SMTP). I see the server connect to the mail server, then it disconnects without sending a message. My alert search criteria is returning results and should be emailing.
From mail Server:
07/28/2010 10:23:02 AM SMTP Server: SPLUNK_SERVER connected 07/28/2010 10:23:02 AM SMTP Server: SPLUNK_SERVER disconnected. 0 message[s] received
Is there anywhere else i can look? Is there a log file from Splunk that would clue me into what is happening when it is connecting to my mail server?
Note: the Splunk server and the mail server are on different subnets where as the test server that worked was on the same subnet. Not sure if that will make a difference.
Thanks for any help.