Email alerts have no sender resulting in quarantine

Our Splunk email alerts are being sent without a sender (see the screenshot below; "Afzender" is sender), resulting in them being quarantined by Office 365.

[Screenshot: fwalraven_0-1606474901472.png]

I tried the following actions, but these did not fix the problem; the sender is still seen by Office 365 as "<>":

  • Putting an email address in the "Send emails as" form on the server settings > email settings page
  • Putting "Splunk" in the "Send emails as" form on the server settings > email settings page
  • Edited alert_actions.conf to "from = mail username" and "hostname = mail" domain name, based on a Splunk forum post I found. 
  • When I release the quarantined email within Office 365, the alert email sender is shown in my Outlook Inbox as "(splunk via SERVERHOST)splunk". SERVERHOST is the server hostname, but I can't post that in this example due to security concerns. This sender name also does not change within Outlook when changing this in alert_actions.conf / email settings within Splunk.

Mail server settings in server settings > email settings (anonymized):

  • Mail host: mail hosting server
  • Email security: none
  • Username: none
  • Password: none

I tried looking for other solutions in this forum, but these are all I could find. If anybody can point me in the right direction / knows how to fix this, that would be greatly appreciated 🙂
