Reporting

Alert email Content Transfer Encoding

rasmith1
New Member

Splunk Enterprise 8.0.2
I can send an email through our enterprise relay using python3 smtplib email.message. These come through with Content Transfer Encoding set to 7bit.
When I setup and trigger an email alert action through Splunk, it fails to relay through and the Content Transfer Encoding is set to base64.
That is the only difference I can detect between the 2 emails using wireshark.
Is there a way to change the Splunk alert email Content transfer encoding to 7bit?
I have looked at sendemail.py and sendemail_handler.py and cannot see where this is specified, it may be in another conf file or perhaps needs to be explicitly defined in one of those 2 .py files?
Thank you for any help.
RASmith

Labels (1)
0 Karma

rasmith1
New Member

If you edit both $SplunkHome\etc\apps\search\bin\sendemail.py and sendemail_handler.py and replace UTF8 with us-ascii, emails are sent with 7bit encoding.

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...