
ERROR Sending email with sendemail, but alert emails work fine

ftk
Motivator

I have my SMTP server configured correctly and have set up and do receive plenty of alerts for scheduled searches. However, when I attempt to use the sendemail command, the following error is displayed:

[Errno 10061] No connection could be made because the target machine actively refused it while sending mail to: foo@bar.com

The only error I can find in the logs is from var/log/python.log:

2010-07-28 10:18:51,105 ERROR Sending email. subject="Splunk Results", results_link="None", recepients="['foo@bar.comm']"

I haven't been able to find any other errors related to this, and this is the only line in python.log.

I am using sendemail as follows:

my search terms | sendemail to=foo@bar.com sendresults=true

Windows Installation, 4.1.3. What am I doing wrong?

1 Solution

ftk
Motivator

The sendemail command by default attempts to use localhost as the SMTP server and ignores the settings used for scheduled search alerts. If you do not have an SMTP server or forwarder installed (which on Windows is quite likely), sendemail will fail when trying to connect to localhost.

To work around this, specify server in sendemail as follows:

my search terms | sendemail to=foo@bar.com sendresults=true server=mail.bar.com


ben363
Path Finder

For some reason, sendemail.py doesn't use the same parameters as scheduled search.

Setting the server parameters in the GUI (Settings->Server Settings->Email Settings) will get scheduled search to work, but not sendemail.

Saved searches look in users/XXX/search/loca/savedsearches.conf, and then in ./system/local/alert_actions.conf

sendemail from the command line doesn't. Or doesn't seem to. Maybe it does but the configured parameters are being overridden by empty strings from the command line?

Either way, if you don't want to always be typing server=XXX on the command line, one option is to edit sendemail.py and hardcode your server config:

For example:

Instead of:

server     = ssContent.get('action.email.mailserver', 'localhost')

Use:

server     = ssContent.get('action.email.mailserver', 'yourhost')

daniel_splunk
Splunk Employee

If your email server has SSL or TLS enabled, you need to use the following syntax.

For tls enabled mail server:
| sendemail from= to= server=":" use_tls=true username= password= sendresults=true

For ssl enabled mail server:
| sendemail from= to= server=":" use_ssl=true username= password= sendresults=true
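
A connectivity check that helps choose between the `server=`, `use_tls=true` and `use_ssl=true` options discussed in the answers above. This is an added example, not code from the thread or from Splunk; `probe_smtp` and its result labels are hypothetical names, and it uses only Python's standard `smtplib` and `ssl` modules.

```python
import smtplib
import ssl


def probe_smtp(host, port=25, timeout=5.0, implicit_ssl=False):
    """Classify how host:port answers SMTP, to pick sendemail options.

    probe_smtp and its labels are hypothetical names for this example:
      "refused"     nothing is listening (the [Errno 10061] case)
      "closed"      peer accepted, then dropped the connection
      "not-smtp"    connected, but no valid SMTP greeting or EHLO reply
      "tls-error"   TLS handshake or certificate verification failed
      "unreachable" DNS failure, timeout or other socket error
      "ssl"         implicit TLS works            -> use_ssl=true
      "starttls"    STARTTLS is advertised        -> use_tls=true
      "plain"       SMTP without STARTTLS
    """
    try:
        if implicit_ssl:
            ctx = ssl.create_default_context()  # verifies the server cert
            with smtplib.SMTP_SSL(host, port, local_hostname="localhost",
                                  timeout=timeout, context=ctx) as conn:
                conn.ehlo()
                return "ssl"
        with smtplib.SMTP(host, port, local_hostname="localhost",
                          timeout=timeout) as conn:
            code, _ = conn.ehlo()
            if not 200 <= code < 300:
                return "not-smtp"
            return "starttls" if conn.has_extn("starttls") else "plain"
    except ConnectionRefusedError:
        return "refused"
    except smtplib.SMTPServerDisconnected:
        return "closed"
    except ssl.SSLError:
        return "tls-error"
    except smtplib.SMTPException:
        return "not-smtp"
    except OSError:
        return "unreachable"


if __name__ == "__main__":
    # "localhost" is sendemail's default server per the accepted answer.
    print("localhost:25 ->", probe_smtp("localhost", 25, timeout=3))
```

A result of "refused" for localhost reproduces the error in the question; run the same probe against the mail host you intend to pass as `server=`.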

cli
New Member

Same here as hiteshkanchan. It does not seem Splunk can actually send out emails from the command.

0 Karma


kollachandra
Path Finder

I am getting the following error

command="sendemail", 'rootCAPath' while sending mail to: *****

etrailer
New Member

Adding the server= command worked for me also. Wasn't aware that the command line would ignore the server wide email settings.

0 Karma

doconnorMHS
Engager

This worked for me. Wasted over an hour on this!

jitendra0101
Engager

It is not working for me. Please help me brother.

0 Karma

hiteshkanchan
Communicator

I tried this command and it gives an error like: command="sendemail", Connection unexpectedly closed while sending mail to: user@domain.com
