I have 1 working Splunk box with SMTP. It is SSL bound (I did not set this box up). I have 1 more Splunk box that isn't SSL bound and the SMTP isn't working (I set this one up). When I try to send an email from a dashboard perhaps. Upon sending the test email it states:
Sending the test email failed: command="sendemail", Connection unexpectedly closed while sending mail to: someone@johndoe.com
I understand this may very well be an issue with my environment either accepting or not accepting connections coming from HTTP vs. HTTPS. I have the exact same SMTP server information in both servers: GUI > Settings > System Settings > Email Settings. For the host I placed the name of the SMTP VIP (there are many SMTP servers behind it), for example SMTP.Whatever.com
It works for the original box, but no luck on the new box. I'm unsure of where to go from here as I have found many people with this issue. I don't know enough about Splunk to understand what the source of the problem is? Is it Splunk not happy or the SMTP server? If so I wonder what I have to do to mitigate....
Thank you
Looks like I found out my own answer again..
This wasn't an SSL problem. This wasn't a Splunk problem. This was an SMTP exception problem. The team managing the SMTP virtual name/servers needs to add your host name to the exceptions list, allowing that server the ability to send outbound email.
Your other option is getting an SMTP relay server set up, where you can use that one box (usually one of the servers you manage) to send out the emails on your behalf (as opposed to the virtual name). The downfall with this is that it's a single point of failure, whereas a load-balanced SMTP virtual name... usually has more than one subnet represented, so it's disaster-recovery ready.
The last option is to set up Splunk as an SMTP server, or another server locally that you manage.
If you work in an enterprise or for a Gov., it's better and easier if you work this through your Exchange team so that you have high availability with your email.
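
To see from the Splunk host itself which step of the SMTP session fails, the following added example (not part of the original answer and not Splunk code) walks the dialogue up to RCPT TO and reports where the server closes or rejects it. The function name `probe_relay` and its parameters are hypothetical; no DATA command is sent, so no mail is delivered.

```python
import smtplib
import sys

def probe_relay(host, sender, rcpt, port=25, helo_name=None, timeout=10):
    """Walk the SMTP dialogue up to RCPT TO and report the first step that fails.

    Returns (stage, outcome, detail); outcome is "closed", "network",
    "rejected" or "accepted". No DATA command is sent, so nothing is queued.
    """
    smtp = smtplib.SMTP(local_hostname=helo_name, timeout=timeout)
    steps = [
        ("connect", lambda: smtp.connect(host, port), (220,)),
        ("ehlo", smtp.ehlo, (250,)),
        ("mail", lambda: smtp.mail(sender), (250,)),
        ("rcpt", lambda: smtp.rcpt(rcpt), (250, 251)),
    ]
    try:
        for stage, call, ok_codes in steps:
            try:
                code, msg = call()
            except smtplib.SMTPServerDisconnected as exc:
                # The server dropped the session at this step (the symptom
                # reported in the question's error message).
                return stage, "closed", str(exc)
            except OSError as exc:
                # DNS failure, refused connection, connect timeout, ...
                return stage, "network", str(exc)
            if code not in ok_codes:
                # Explicit SMTP refusal, e.g. a 5xx relay-denied reply.
                return stage, "rejected", f"{code} {msg.decode(errors='replace')}"
        return "rcpt", "accepted", "server accepted sender and recipient"
    finally:
        try:
            smtp.quit()
        except OSError:  # session already gone
            smtp.close()

if __name__ == "__main__":
    # usage: probe.py <smtp-host> <sender> <recipient>
    print(probe_relay(*sys.argv[1:4]))
```

A result of `closed` or `rejected` while the same probe is `accepted` from the working box points at the mail server's allow list rather than at Splunk or SSL.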
If your SMTP server only accepts SSL connections, you won't be able to connect to it with an unencrypted connection. Do you know your email provider details?
I was able to Telnet to port 25 with that virtual name, so that led me away from SSL being the issue. I also was able to use a local relay SMTP server and it worked fine also (on the non-SSL-bound Splunk box).
This is 100% Local (no internet).
Thank you for your help!