Reporting

After migrating Splunk 6.3.2 from Red Hat 5 to Red Hat 6, why am I getting "connection refused" errors trying to send an email?

Path Finder

I am setting up Splunk 6.3.2 to run on a new Red Hat 6 server and migrated from a Red Hat 5 server. I installed Splunk using the 6.3.2 rpm and Splunk works fine. I tar'd the contents of /etc on the old RH5 server and untar'd them on the new RH6 server. I have done this in the past with no issues (RH5 to RH5). Email is the only thing not working, and in the ~splunk_home/var/log/python.log I see a bunch of Connection Errors when trying to send email. What did I do wrong here when converting?

16-02-25 09:09:13,810 -0500 ERROR     sendemail:378 - [Errno 111] Connection refused while sending mail to: userid@domain.com
2016-02-25 09:10:46,042 -0500 INFO      sendemail:985 - sendemail pdfService = pdfgen
2016-02-25 09:10:46,043 -0500 INFO      sendemail:1117 - sendemail:mail effectiveTime=1456409400
2016-02-25 09:10:47,330 -0500 INFO      sendemail:1137 - Generated PDF for email
2016-02-25 09:10:47,407 -0500 ERROR     sendemail:115 - Sending email. subject="Splunk Alert: Distributed_Alert_MI_(Disk Percent Free)", results_link="http://tlpsplu1:8000/app/search/@go?sid=scheduler__userid__search__RMD5ac90a8a41fbc3d92_at_1456409400_33993", recipients="[u'userid@domain.com']", server="tlpsplu1.domain.net"
2016-02-25 09:10:47,407 -0500 ERROR     sendemail:378 - [Errno 111] Connection refused while sending mail to: userid@domain.com
2016-02-25 09:11:15,807 -0500 INFO      sendemail:985 - sendemail pdfService = pdfgen
2016-02-25 09:11:15,808 -0500 INFO      sendemail:1117 - sendemail:mail effectiveTime=1456409460
2016-02-25 09:11:17,099 -0500 INFO      sendemail:1137 - Generated PDF for email
2016-02-25 09:11:17,214 -0500 ERROR     sendemail:115 - Sending email. subject="Splunk Alert: Distributed_Alert_MI_(Disk Percent Free)", results_link="http://tlpsplu1:8000/app/search/@go?sid=scheduler__userid__search__RMD5ac90a8a41fbc3d92_at_1456409460_34020", recipients="[u'userid@domain.com']", server="tlpsplu1.domain.net"
0 Karma

Contributor

As stated above, you need to check the connectivity from new server to your mail server possibly on port 25.Check the email setting in old server. Try to run the mail command manually from search and see if it is working.

0 Karma

SplunkTrust
SplunkTrust

Perhaps a firewall is blocking connections from the RH6 server to the email server. Or the email server doesn't recognize the RH6 server and is refusing connections from it.

---
If this reply helps you, an upvote would be appreciated.
0 Karma