Are you a member of the Splunk Community?
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Reporting
- :
- Re: Sendemail no longer working since upgrade
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Getting permissions error with 'sendemail' after upgrading from 7 to 8.
Hi all
I recently upgraded my Splunk instance to version 8.x (whatever the newest one was a week ago). I reconfigured pretty much everything as I had it before (on v7.x) and I have noticed I can no longer get my email notification to work.
I am using exactly the same settings for email as I used in version 7 but with version 8 I get these error messages :
ERROR sendemail:475 - (550, '5.7.60 SMTP; Client does not have permissions to send as this sender') while sending mail to: nick.xxxxx@xxxxxx.xxxI have configured Splunk to use our local exchange server for sending emails and its set to send emails as my self to myself. I have the correct settings/ports for TLS and the auth part, I have verified these settings using powershell and another python script and they both work, it's just Splunk that doesn't work.
I suspect that something is being changed when the sendemail attempt happens but I cannot see anything in the logs to see exactly what is being sent.
Any ideas on how to troubleshoot?
Looked in the splunkd.log and nothing really more than the above...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What is a command which you are using for sending those test mail or is it an alert?
Another log which could told more is python.log.
r. Ismo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's a scheduled report that i am trying to send. Sadly python log did not have anything more usefull
2020-07-14 09:35:07,062 +0000 ERROR sendemail:142 - Sending email. subject="Splunk Report: xxxx", results_link="http://10.21.56.47:8000/app/search/@go?sid=scheduler__admin__search__RMD5141fe5c68308f17b_at_1594719...", recipients="[u'xxxxx@xxxxxx']", server="xxxxxxxxxxxxx"
2020-07-14 09:35:07,062 +0000 ERROR sendemail:475 - (550, '5.7.60 SMTP; Client does not have permissions to send as this sender') while sending mail to: xxxxxxxxxxxxxxxx
2020-07-14 09:40:02,720 +0000 INFO sendemail:1162 - sendemail pdfgen_available = 1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This seems to be somehow SMTP server side issue. Can you check if this helps: https://community.splunk.com/t5/Archive/How-to-send-alerts-via-SMTP-to-O365/td-p/293513
r. Ismo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the link , somehow doubt that is the issue since i can use pretty much the same settings to send an email using powershell/python . Oh well search continues...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does the command sendemail from GUI working?
r. Ismo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well it works in the way that it actually runs and i still get the same error :
command="sendemail", (550, '5.7.60 SMTP; Client does not have permissions to send as this sender') while sending mail to: nick.giannoulis@xxxxxx.com
Time to get wireshark out and see if i can spot the issue.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok this has got weird now. Rebooted and now i can send emails via the 'command line' in the gui but not the automated way.
Example :
index=* | head 10 | sendemail to="nick.giannoulis@xxxx.com" from="nick.giannoulis@xxxx.com" subject="test" server="imapoutgoing.xxxxxxxxx.net:587" use_tls=true
This works fine.
My scheduled report still does not work though.
The settings i have put in at Settings | Server Settings | Emails settings are the same as above :
Maihost : imapoutgoing.xxxxxxx.net:587 | Enable TLS
Send email as : nick.giannoulis@xxxx.com ( copy & paste from the above just in case )
This is the error from the logs :
07-17-2020 11:30:04.296 +0100 ERROR ScriptRunner - stderr from 'C:\Program Files\Splunk\bin\Python2.exe C:\Program Files\Splunk\etc\apps\search\bin\sendemail.py "results_link=http://10.21.56.47:8000/app/search/@go?sid=scheduler__admin__search__RMD5141fe5c68308f17b_at_1594981800_1" "ssname=Joe_Report" "graceful=True" "trigger_time=1594981800" results_file="C:\Program Files\Splunk\var\run\splunk\dispatch\scheduler__admin__search__RMD5141fe5c68308f17b_at_1594981800_1\results.srs.zst" "is_stream_malert=False"': ERROR:root:(550, '5.7.60 SMTP; Client does not have permissions to send as this sender') while sending mail to: nick.giannoulis@xxxxxxxxx.com
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is your windows version supported by Splunk for 8.x.x?
Observe and Secure All Apps with Splunk
Splunk Decoded: Business Transactions vs Business IQ
Fastest way to demo Observability
