Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Email alerts won’t send from splunk

indeed_2000
Motivator
‎01-16-2020 09:47 AM

Hi
Email alert won’t send from splunk

Here is the log:

 2020-01-16 21:04:53,865 +0330  ERROR     sendemail:392 - No suitable authentication method found. while sending mail to: admin@net.net

2020-01-16 21:04:53,865 +0330 ERROR     sendemail:127 - Sending email. subject="Splunk Alert: Alert", results_link="***", recipients="[u'admin@net.net']", server="192.168.1.1"

2020-01-16 21:04:53,867 +0330 ERROR     sendemail:392 - No suitable authentication method found. while sending mail to: admin@net.net

Here is the config:
alt text
alt text

Any recommendation?
Thanks,

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply

PavelP
Motivator
‎01-17-2020 02:52 AM

as suggested by @rigoreatigax you need to ask mail server admin to modify or disable the SMTP authentication for your splunk server IP address. You can also download swaks (https://www.jetmore.org/john/code/swaks/) and find out the right TLS/SSL port and auth settings.

0 Karma
Reply

indeed_2000
Motivator
‎01-17-2020 03:04 AM

I have several applications like Jira that use this mail server, and work correctly.
I only enter ip&port + user&pass in those applications and they send notifications.

0 Karma
Reply

PavelP
Motivator
‎01-17-2020 05:03 AM

Click Settings > Server settings > Server logging and change "EmailSender" log channel to DEBUG.
Then trigger an alert and check splunkd.log.

Capture the smtp traffic on the splunk host and jira with "tcpdump -pnns0 -i any host 192.168.1.xx and port 465 -w /tmp/smtp.pcap" and compare them using Wireshark. This will not help if all the communication is encrypted with SSL/TLS/STARTTLS.

Also ask mail server admin for assistance - he can see the exact reason in the mail server log

0 Karma
Reply

indeed_2000
Motivator
‎01-17-2020 05:06 AM

Interesting point is when i try to change server from ip to name, in log file still try to connect ip!

It seems server configuration freeze!

I try to restart splunkd but problem still remain.

Any recommendation?

0 Karma
Reply

dindu
Contributor
‎01-16-2020 01:40 PM

Hi,

Please try the below workarounds and let us know.

Just choose None in option and try as in the attachment.
If it did not work remove the username and password as well and try again.

alt text

Preview file
1 KB
0 Karma
Reply

indeed_2000
Motivator
‎01-16-2020 11:54 PM

Done, problem still remain.
Interesting point is when i try to change server from ip to name, in log file still try to connect ip!

It seems server configuration freeze!

I try to restart splunkd but problem still remain.

Any recommendation?

0 Karma
Reply

rigoreatigax
Explorer
‎01-16-2020 09:51 AM
  1. Try disabling email security
  2. Check any port restrictions.
0 Karma
Reply

indeed_2000
Motivator
‎01-16-2020 10:49 AM

How can I disable it?
There is no port restriction.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...