All Apps and Add-ons

SMTPSenderRefused: (530, 'Authentication required', 'splunk@xyz.com')

Path Finder

Does Sendresults use the same username and password defined for sendemail?

I've seen a note in the Splunk docs that says "If you are sending an email notification to a server that requires SMTP authentication, you must have the admin role assigned."

https://docs.splunk.com/Documentation/Splunk/7.3.1/Alert/Emailnotification#Configure_email_notificat...

Tags (1)
0 Karma

Path Finder

Hi!

Yes, sendresults uses the same SMTP configuration that the built-in email capabilities and as such has the same role requirements as the documentation outlines.

Derek.

0 Karma

Path Finder

I can understand why that might be the issue if I used the sendresults command inline, but I even see this error during a scheduled report. I would have expected it to use the same logic as the base "send email action", which I can schedule.

from index=_internal sourcetype=sendresults:log

2019-08-07 12:50:21,859 ERROR invocation_id=1565182221.77:80484 invocation_type="action" msg="Could not send email" rcpt="a@xyz.com,h@xyz.com" error="(530, 'Authentication required', u'splunk@xyz.com')"
0 Karma

Path Finder

Yes, I've looked into it, and that's a known issue with sendresults. We are looking at doing a new release in time for .conf and will see if we can match the native Splunk functionality.

0 Karma