Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Mail refuses to send to anything other than localhost

atat23
Path Finder
‎09-29-2016 03:32 AM

I am trying to setup an existing instance of Splunk (6.2) to send a scheduled report. In the splunk_python log I am getting:

2016-09-29 11:10:02,417 +0100 ERROR sendemail:356 - [Errno 111] Connection refused while sending mail to: bilbo@theshire.com

2016-09-29 11:10:02,416 +0100 ERROR sendemail:114 - Sending email. subject="Old Toby", results_link="https://splunk:8000/app/hobbits/@go?sid=scheduler__samwise__hobbits__RMD56e9ec5d3df4dd8f4_at_1475143800_7259", recipients="[u'bilbo@theshire.com']", server="localhost"

Issue is the above server value, it should not be localhost, I have changed the email settings to be a local mail server IP and I also tried changing the localhost in sendemail.py script to the IP of the mail server but, according to the log, no matter what I try the automated report is being sent to "localhost".

I've confirmed mail can actually be sent using:

... | sendemail server=10.10.10.10 to=bilbo@theshire.com

And I have successfully received mail without any problems.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

atat23
Path Finder
‎10-04-2016 01:46 AM

I was trying to run this search from a custom app, the report I had setup within the app created a savedsearches.conf and this conf file was automatically populated with default mail settings, so it had the mail server as localhost and the default mail footer, these default values were overriding the custom settings I had setup in server settings > email settings.

View solution in original post

Reply
Solved! Jump to solution
Solution

atat23
Path Finder
‎10-04-2016 01:46 AM

I was trying to run this search from a custom app, the report I had setup within the app created a savedsearches.conf and this conf file was automatically populated with default mail settings, so it had the mail server as localhost and the default mail footer, these default values were overriding the custom settings I had setup in server settings > email settings.

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎09-29-2016 08:55 AM

if you have a smtp relay local, try adding the port : 125.0.0.1:25
in the settings > system >emails, or alert_actions.conf

0 Karma
Reply
Solved! Jump to solution

atat23
Path Finder
‎10-03-2016 05:27 AM

no, there is no smtp relay used or setup

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...