Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Mail refuses to send to anything other than localhost

atat23
Path Finder
‎09-29-2016 03:32 AM

I am trying to setup an existing instance of Splunk (6.2) to send a scheduled report. In the splunk_python log I am getting:

2016-09-29 11:10:02,417 +0100 ERROR sendemail:356 - [Errno 111] Connection refused while sending mail to: bilbo@theshire.com

2016-09-29 11:10:02,416 +0100 ERROR sendemail:114 - Sending email. subject="Old Toby", results_link="https://splunk:8000/app/hobbits/@go?sid=scheduler__samwise__hobbits__RMD56e9ec5d3df4dd8f4_at_1475143800_7259", recipients="[u'bilbo@theshire.com']", server="localhost"

Issue is the above server value, it should not be localhost, I have changed the email settings to be a local mail server IP and I also tried changing the localhost in sendemail.py script to the IP of the mail server but, according to the log, no matter what I try the automated report is being sent to "localhost".

I've confirmed mail can actually be sent using:

... | sendemail server=10.10.10.10 to=bilbo@theshire.com

And I have successfully received mail without any problems.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

atat23
Path Finder
‎10-04-2016 01:46 AM

I was trying to run this search from a custom app, the report I had setup within the app created a savedsearches.conf and this conf file was automatically populated with default mail settings, so it had the mail server as localhost and the default mail footer, these default values were overriding the custom settings I had setup in server settings > email settings.

View solution in original post

Reply
Solved! Jump to solution
Solution

atat23
Path Finder
‎10-04-2016 01:46 AM

I was trying to run this search from a custom app, the report I had setup within the app created a savedsearches.conf and this conf file was automatically populated with default mail settings, so it had the mail server as localhost and the default mail footer, these default values were overriding the custom settings I had setup in server settings > email settings.

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎09-29-2016 08:55 AM

if you have a smtp relay local, try adding the port : 125.0.0.1:25
in the settings > system >emails, or alert_actions.conf

0 Karma
Reply
Solved! Jump to solution

atat23
Path Finder
‎10-03-2016 05:27 AM

no, there is no smtp relay used or setup

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Brute Force Account Takeover Fraud with Splunk

This article is the second in a three-part series exploring advanced fraud detection techniques using Splunk. ...

Buttercup Games: Further Dashboarding Techniques (Part 9)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games: Further Dashboarding Techniques (Part 8)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
li.common.scroll-to.top