Alerting

mails not sent - sendemail:522 - (421, b'4.3.2 Service not active'....

corti77
Contributor

Hi,

I have a saved search link to an action of sending an email for each result. The saved search runs every 5 min.

If I run the search manually I get 5 results but surprisingly I dont get 5 emails. Instead I get a random number of emails each time, never 5. looking at logs using the query 

index=_internal source="C:\\Program Files\\Splunk\\var\\log\\splunk\\python.log" sendemail

I see many ERRORS like

ERROR sendemail:522 - (421, b'4.3.2 Service not active', 'XXXXXXXX') while sending mail to: XXX@yyy

I searched in google without success for the some hints to solve this issue.

But, when I manually connect to each node of the exchange cluster using putty I managed to send emails without any issue .

Any idea of what could I check?

thanks!

 

 

 

Labels (2)
0 Karma
1 Solution

PickleRick
SplunkTrust
SplunkTrust

Well, it looks more like an Exchange issue. I'd check Exchange logs first.

View solution in original post

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Well, it looks more like an Exchange issue. I'd check Exchange logs first.

0 Karma

corti77
Contributor

indeed, one node was not working properly. I reconfigure the smtp server in splunk to point to a specific exchange node and that solved the issue.

thanks

 

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...