Email Settings | TLS Handshake


Hi Splunk Community,

I am trying to setup a TLs communication btw Splunk Entreprise and an email server for sending alerts. Based on three available options - None | SSL | TLS, only none is working properly.

when chose TLS I received the following error "ERROR:root:STARTTLS extension not supported by server. while sending mail to"

01-22-2019 17:57:57.138 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/search/bin/ "results_link=https://uh0014:8443/app/search/@go?sid=rt_scheduler__vile__search__RMD50843376f462c8b90_at_154817958..." "ssname=Errors reported (Real Time)" "graceful=True" "trigger_time=1548179876" results_file="/opt/splunk/var/run/splunk/dispatch/rt_scheduler_vilesearch_RMD50843376f462c8b90_at_1548179587_6.45/results.csv.gz"': ERROR:root:STARTTLS extension not supported by server. while sending mail to:

On alert_action.conf file I have the following
mailserver = smtp.XXXXX
pdf.header_left = none
pdf.header_right = none
use_tls = 1
sslVersions = tls1.2
sslVerifyServerCert = true
use_ssl = 0
from = noreply_siem@XXXXX
reportPaperSize = a4

Any tip?



Tags (1)

Path Finder


I had a similar issue when using Office 365 SMTP settings. Usually it is enough to specify however I got the same error as yourself. Try adding the port number at the end of the address within Email Settings.

e.g. (587 is default). For Office 365 this works with TLS enabled.

Best wishes,


0 Karma


Hi, did you resolve this?

0 Karma


Same error here, unable to send any emails from Splunk Enterprise.

0 Karma