Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Alerting
- :
- Alert not connecting to mail server
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am trying to get splunk to connect to a unauthenticated mail server. However it is not sending the messages correctly.
python.log says:
2011-11-03 10:39:21,250 ERROR (550, 'Command RCPT failed') while sending mail to: myemailaddress
Update:
However many email addresses I send it to, the server also gets that many extra blank RCPT TO commands, thus messing it up. Is this splunk error? or server side error?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just used a different mail server to send the splunk alerts. This seems to work! Ill just use this instead.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just used a different mail server to send the splunk alerts. This seems to work! Ill just use this instead.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SMTP Error 550 means "Requested action not taken: mailbox unavailable". Seems like your mailserver doesn't accept the specified recipient.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
no leading whitespace, no trailing whitepace, there is a comma but only to separate email addresses. Work the same with one address or two. very strange....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How does the recipient in your alert look like? Are you sure there is not leading/tailing whitespace or comma?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
my mail server logs say (IPs omitted):
11:03 11:01 SMTPD( MAIL FROM:splunk@ size=1000
11:03 11:01 SMTPD >>> 250 ok
11:03 11:01 SMTPD <<< rcpt TO:
11:03 11:01 SMTPD RCPT TO:
11:03 11:01 SMTPD [x] looking up gmail.com in HOSTS
11:03 11:01 SMTPD >>> 250 ok its for
Then it says
11:03 11:01 SMTPD<<< rcpt TO:<>
11:03 11:01 SMTPD RCPT TO:<>
11:03 11:01 SMTPD >>> 550 Command RCPT failed
11:03 11:01 SMTPD Unknown Command: RCPT
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What kind of mailserver do you use? Have you looked into the logs of it?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have tried multiple recipients, including ones that use that mail server. Other programs, like sendmail will send to the same recipents that are used. Any thoughts?
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Event Series: Splunk Observability Metrics Cost Optimization
Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...
Deep insights, no barriers: Splunk Observability Cloud Free Edition
