We are running splunk 4.2.3 on RHEL 5.I am scheduling a job in windows app and email the results to my email id but i am not receiving any emails from splunk server. I am seeing these below connection refused errors in python.log
2011-11-03 21:19:01,489 ERROR Sending email. subject="Splunk Alert: windows failed", results_link="https://splunk_server_name:8000/app/windows/@go?sid=scheduler__admin__windows_d2luZG93cyBmYWlsZWQ_at...", recepients="['foo@bar.com', '', '']"
2011-11-03 21:19:01,489 ERROR [Errno 111] Connection refused while sending mail to: foo@bar.com
There are no issues with firewall or iptables. I am able to send emails from the actual splunk server itself but not from the alert/report. I configured "Link Hostname" to the ip of the server, server hostname, left it blank but still no luck.
I ran into this as well. This happened after I copied some alert from another system to setup on a new search head.
The problem turned out to be that I created the alerts before configuring the mail server in Splunk, so the alerts had this statement in savedsearches.conf:
action.email.mailserver = localhost
Manually edited savedsearches.conf to remove this (as well as action.email.from, which was "splunk").
After restarting Splunk, the alerts mail properly.
In "Mail Server Settings" the mail host was set to localhost and hence it was not sending emails when i ran the report. Now i have configured mail host with the mail server host name and now email are triggering fine from the splunk.
I am not sure the root cause of the issue. But sendemail command may help you to isolate the issue. You will know more if smtp setting is correct or semdemail python command is ok or network issue...
... | sendemail to="elvis@splunk.com,john@splunk.com" format=html subject=myresults server=mail.splunk.com
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Sendemail