Getting Data In

ERROR Sending email with sendemail, but alert emails work fine

ftk
Motivator

I have my smtp server configured correctly and have setup and do receive plenty of alerts for scheduled searches. However when I attempt to use the sendemail command, the following error is displayed:

[Errno 10061] No connection could be made because the target machine actively refused it while sending mail to: foo@bar.com

The only error I can find in the logs is from var/log/python.log:

2010-07-28 10:18:51,105 ERROR Sending email. subject="Splunk Results", results_link="None", recepients="['foo@bar.comm']"

I haven't been able to find any other errors related to this, and this is the only line in python.log.

I am using sendemail as follows:

my search terms | sendemail to=foo@bar.com sendresults=true

Windows Installation, 4.1.3. What am I doing wrong?

1 Solution

ftk
Motivator

The sendemail command by default attempts to use localhost as the SMTP server and ignores the settings used for scheduled search alerts. If you do not have an SMTP server or forwarder installed (which on Windows is quite likely), sendemail will fail when trying to connect to localhost.

To work around this, specify server in sendemail as follows:

my search terms | sendemail to=foo@bar.com sendresults=true server=mail.bar.com

View solution in original post

ben363
Path Finder

For some reason, sendemail.py doesn't use the same parameters as scheduled search.

Setting the server parameters in the GUI (Settings->Server Settings->Email Settings) will get scheduled search to work, but not sendemail.

Saved searches look in users/XXX/search/loca/savedsearches.conf, and then in ./system/local/alert_actions.conf

sendemail from the command line doesn't. Or doesn't seem to. Maybe it does but the configured parameters are being overridden by empty strings from the command line?

Either way, if you don't want to always be typing server=XXX on the command line, one option is to edit sendemail.py and hardcode your server config:

For eg:

Instead of:

server     = ssContent.get('action.email.mailserver', 'localhost')

Use:

server     = ssContent.get('action.email.mailserver', 'yourhost')

daniel_splunk
Splunk Employee
Splunk Employee

If your email server enabled the ssl or tls, you need to use the following syntax.

For tls enabled mail server:
| sendemail from= to= server=":" use_tls=true username= password= sendresults=true

For ssl enabled mail server:
| sendemail from= to= server=":" use_ssl=true username= password= sendresults=true

cli
New Member

Same here as hiteshkanchan. Does not seem Splunk can actually send out emails from command.

0 Karma

ftk
Motivator

The sendemail command by default attempts to use localhost as the SMTP server and ignores the settings used for scheduled search alerts. If you do not have an SMTP server or forwarder installed (which on Windows is quite likely), sendemail will fail when trying to connect to localhost.

To work around this, specify server in sendemail as follows:

my search terms | sendemail to=foo@bar.com sendresults=true server=mail.bar.com

kollachandra
Path Finder

I am getting the following error

command="sendemail", 'rootCAPath' while sending mail to: *****

etrailer
New Member

Adding the server= command worked for me also. Wasn't aware that the command line would ignore the server wide email settings.

0 Karma

doconnorMHS
Engager

This worked for me. Wasted over an hour on this!

jitendra0101
Engager

It is not working for me. Please help me brother.

0 Karma

hiteshkanchan
Communicator

I tried this this command and it gives the error like "command="sendemail", Connection unexpectedly closed while sending mail to: user@domain.com

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...