Solved: mails not sent - sendemail:522 - (421, b'4.3.2 Se...

corti77 · ‎09-07-2021

Hi,

I have a saved search link to an action of sending an email for each result. The saved search runs every 5 min.

If I run the search manually I get 5 results but surprisingly I dont get 5 emails. Instead I get a random number of emails each time, never 5. looking at logs using the query

index=_internal source="C:\\Program Files\\Splunk\\var\\log\\splunk\\python.log" sendemail

I see many ERRORS like

ERROR sendemail:522 - (421, b'4.3.2 Service not active', 'XXXXXXXX') while sending mail to: XXX@yyy

I searched in google without success for the some hints to solve this issue.

But, when I manually connect to each node of the exchange cluster using putty I managed to send emails without any issue .

Any idea of what could I check?

thanks!

PickleRick · ‎09-07-2021

Well, it looks more like an Exchange issue. I'd check Exchange logs first.

View solution in original post

PickleRick · ‎09-07-2021

Well, it looks more like an Exchange issue. I'd check Exchange logs first.

corti77 · ‎09-08-2021

indeed, one node was not working properly. I reconfigure the smtp server in splunk to point to a specific exchange node and that solved the issue.

thanks

mails not sent - sendemail:522 - (421, b'4.3.2 Service not active'....

alert action

email

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!