Reporting

Alert email Content Transfer Encoding

rasmith1
New Member

Splunk Enterprise 8.0.2
I can send an email through our enterprise relay using python3 smtplib email.message. These come through with Content Transfer Encoding set to 7bit.
When I setup and trigger an email alert action through Splunk, it fails to relay through and the Content Transfer Encoding is set to base64.
That is the only difference I can detect between the 2 emails using wireshark.
Is there a way to change the Splunk alert email Content transfer encoding to 7bit?
I have looked at sendemail.py and sendemail_handler.py and cannot see where this is specified, it may be in another conf file or perhaps needs to be explicitly defined in one of those 2 .py files?
Thank you for any help.
RASmith

Labels (1)
0 Karma

rasmith1
New Member

If you edit both $SplunkHome\etc\apps\search\bin\sendemail.py and sendemail_handler.py and replace UTF8 with us-ascii, emails are sent with 7bit encoding.

0 Karma
Get Updates on the Splunk Community!

This Week's Community Digest - Splunk Community Happenings [9.26.22]

Get the latest news and updates from the Splunk Community here! Upcoming User Group Events! 👏 Check ...

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...