Hi Splunk Community,
I am trying to setup a TLs communication btw Splunk Entreprise and an email server for sending alerts. Based on three available options - None | SSL | TLS, only none is working properly.
when chose TLS I received the following error "ERROR:root:STARTTLS extension not supported by server. while sending mail to"
01-22-2019 17:57:57.138 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/search/bin/sendemail.py "results_link=https://uh0014:8443/app/search/@go?sid=rt_scheduler__vile__search__RMD50843376f462c8b90_at_154817958..." "ssname=Errors reported (Real Time)" "graceful=True" "trigger_time=1548179876" results_file="/opt/splunk/var/run/splunk/dispatch/rt_scheduler_vilesearch_RMD50843376f462c8b90_at_1548179587_6.45/results.csv.gz"': ERROR:root:STARTTLS extension not supported by server. while sending mail to:
On alert_action.conf file I have the following
[email]
mailserver = smtp.XXXXX
pdf.header_left = none
pdf.header_right = none
use_tls = 1
sslVersions = tls1.2
sslVerifyServerCert = true
use_ssl = 0
from = noreply_siem@XXXXX
reportPaperSize = a4
Any tip?
Sincerely
VML
Hi VML,
I had a similar issue when using Office 365 SMTP settings. Usually it is enough to specify smtp.office365.com however I got the same error as yourself. Try adding the port number at the end of the address within Email Settings.
e.g. smtp.office365.com:587 (587 is default). For Office 365 this works with TLS enabled.
Best wishes,
Dan
Hi, did you resolve this?
Same error here, unable to send any emails from Splunk Enterprise.