Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- alert_actions.conf for Exchange, no encrypted auth...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I have been provided an Exchange account, which I configured in alert_actions.conf (via web console).
No ssl, no tls.
I can send an email with sendemail.
However, when I a scheduled alert tries to send an email, I find this in the python log file:
"ERROR No suitable authentication method found. while sending mail to:..."
Can Splunk alerts authenticate an SMTP account without encryption?
Seeing that sendemail worked, I tried removing the username and password from alert_actions but still, the same error message...
Also, I did perform a packet capture. There is communication between Exchange and Splunk. There is the initial SMTP message, Splunk says ehlo, SMPT server returns capabilities, and then Splunk reports the error.
Update. More details.
Packet capture for no encryption, with Username and Password:
<220 xchange2010.xxx.com Microsoft ESMTP MAIL Service ready at Fri, 18 Apr 2014 11:45:23 -0500
>ehlo xxx.xxx.com
<250-xchange2010.xxx.com Hello [192.168.1.48]
<250-SIZE 30720000
<250-PIPELINING
<250-DSN
<250-ENHANCEDSTATUSCODES
<250-X-ANONYMOUSTLS
<250-AUTH
<250-X-EXPS GSSAPI NTLM
<250-8BITMIME
<250-BINARYMIME
<250-CHUNKING
<250-XEXCH50
<250-XRDST
<250 XSHADOW
And the "No suitable authentication" error is logged at this point.
If I provide no username and password:
<220 xchange2010.xxx.com Microsoft ESMTP MAIL Service ready at Fri, 18 Apr 2014 11:44:23 -0500
>ehlo xxx.xxx.com
<250-xchange2010.xxx.com Hello [192.168.1.48]
<250-SIZE 30720000
<250-PIPELINING
<250-DSN
<250-ENHANCEDSTATUSCODES
<250-X-ANONYMOUSTLS
<250-AUTH
<250-X-EXPS GSSAPI NTLM
<250-8BITMIME
<250-BINARYMIME
<250-CHUNKING
<250-XEXCH50
<250-XRDST
<250 XSHADOW
>mail FROM:<xxx@aaa.com> size=749
<250 2.1.0 Sender OK
>rcpt TO:<ericp@yyy.com>
<250 2.1.5 Recipient OK
data
<354 Start mail input; end with <CRLF>.<CRLF>
and the message is completed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It seems that, indeed, for "250-AUTH" with no login options, you should not set the username and password. Otherwise, Splunk figures it MUST use the credentials, but CAN NOT use the current SMTP server, because there are no AUTH options.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It seems that, indeed, for "250-AUTH" with no login options, you should not set the username and password. Otherwise, Splunk figures it MUST use the credentials, but CAN NOT use the current SMTP server, because there are no AUTH options.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
no, but I just provided feedback for the documentation.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
did you file a feature request for this?
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
