Alert email Content Transfer Encoding

rasmith1 · ‎04-08-2020

Splunk Enterprise 8.0.2
I can send an email through our enterprise relay using python3 smtplib email.message. These come through with Content Transfer Encoding set to 7bit.
When I setup and trigger an email alert action through Splunk, it fails to relay through and the Content Transfer Encoding is set to base64.
That is the only difference I can detect between the 2 emails using wireshark.
Is there a way to change the Splunk alert email Content transfer encoding to 7bit?
I have looked at sendemail.py and sendemail_handler.py and cannot see where this is specified, it may be in another conf file or perhaps needs to be explicitly defined in one of those 2 .py files?
Thank you for any help.
RASmith

rasmith1 · ‎04-09-2020

If you edit both $SplunkHome\etc\apps\search\bin\sendemail.py and sendemail_handler.py and replace UTF8 with us-ascii, emails are sent with 7bit encoding.

Alert email Content Transfer Encoding

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SplunkTrust Application Period is Officially OPEN!

Join the Conversation

Alert email Content Transfer Encoding

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SplunkTrust Application Period is Officially OPEN!