Reporting

Alert email Content Transfer Encoding

rasmith1
New Member

Splunk Enterprise 8.0.2
I can send an email through our enterprise relay using python3 smtplib email.message. These come through with Content Transfer Encoding set to 7bit.
When I setup and trigger an email alert action through Splunk, it fails to relay through and the Content Transfer Encoding is set to base64.
That is the only difference I can detect between the 2 emails using wireshark.
Is there a way to change the Splunk alert email Content transfer encoding to 7bit?
I have looked at sendemail.py and sendemail_handler.py and cannot see where this is specified, it may be in another conf file or perhaps needs to be explicitly defined in one of those 2 .py files?
Thank you for any help.
RASmith

Labels (1)
0 Karma

rasmith1
New Member

If you edit both $SplunkHome\etc\apps\search\bin\sendemail.py and sendemail_handler.py and replace UTF8 with us-ascii, emails are sent with 7bit encoding.

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.