Archive

Email Settings | TLS Handshake

Explorer

Hi Splunk Community,

I am trying to setup a TLs communication btw Splunk Entreprise and an email server for sending alerts. Based on three available options - None | SSL | TLS, only none is working properly.

when chose TLS I received the following error "ERROR:root:STARTTLS extension not supported by server. while sending mail to"

01-22-2019 17:57:57.138 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/search/bin/sendemail.py "results_link=https://uh0014:8443/app/search/@go?sid=rt_scheduler__vile__search__RMD50843376f462c8b90_at_154817958..." "ssname=Errors reported (Real Time)" "graceful=True" "trigger_time=1548179876" results_file="/opt/splunk/var/run/splunk/dispatch/rt_scheduler_vilesearch_RMD50843376f462c8b90_at_1548179587_6.45/results.csv.gz"': ERROR:root:STARTTLS extension not supported by server. while sending mail to:

On alert_action.conf file I have the following
[email]
mailserver = smtp.XXXXX
pdf.header_left = none
pdf.header_right = none
use_tls = 1
sslVersions = tls1.2
sslVerifyServerCert = true
use_ssl = 0
from = noreply_siem@XXXXX
reportPaperSize = a4

Any tip?

Sincerely

VML

Tags (1)

Path Finder

Hi VML,

I had a similar issue when using Office 365 SMTP settings. Usually it is enough to specify smtp.office365.com however I got the same error as yourself. Try adding the port number at the end of the address within Email Settings.

e.g. smtp.office365.com:587 (587 is default). For Office 365 this works with TLS enabled.

Best wishes,

Dan

0 Karma

Contributor

Hi, did you resolve this?

0 Karma

Communicator

Same error here, unable to send any emails from Splunk Enterprise.

0 Karma