Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Mail refuses to send to anything other than localhost

atat23
Path Finder
‎09-29-2016 03:32 AM

I am trying to setup an existing instance of Splunk (6.2) to send a scheduled report. In the splunk_python log I am getting:

2016-09-29 11:10:02,417 +0100 ERROR sendemail:356 - [Errno 111] Connection refused while sending mail to: bilbo@theshire.com

2016-09-29 11:10:02,416 +0100 ERROR sendemail:114 - Sending email. subject="Old Toby", results_link="https://splunk:8000/app/hobbits/@go?sid=scheduler__samwise__hobbits__RMD56e9ec5d3df4dd8f4_at_1475143800_7259", recipients="[u'bilbo@theshire.com']", server="localhost"

Issue is the above server value, it should not be localhost, I have changed the email settings to be a local mail server IP and I also tried changing the localhost in sendemail.py script to the IP of the mail server but, according to the log, no matter what I try the automated report is being sent to "localhost".

I've confirmed mail can actually be sent using:

... | sendemail server=10.10.10.10 to=bilbo@theshire.com

And I have successfully received mail without any problems.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

atat23
Path Finder
‎10-04-2016 01:46 AM

I was trying to run this search from a custom app, the report I had setup within the app created a savedsearches.conf and this conf file was automatically populated with default mail settings, so it had the mail server as localhost and the default mail footer, these default values were overriding the custom settings I had setup in server settings > email settings.

View solution in original post

Reply
Solved! Jump to solution
Solution

atat23
Path Finder
‎10-04-2016 01:46 AM

I was trying to run this search from a custom app, the report I had setup within the app created a savedsearches.conf and this conf file was automatically populated with default mail settings, so it had the mail server as localhost and the default mail footer, these default values were overriding the custom settings I had setup in server settings > email settings.

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎09-29-2016 08:55 AM

if you have a smtp relay local, try adding the port : 125.0.0.1:25
in the settings > system >emails, or alert_actions.conf

0 Karma
Reply
Solved! Jump to solution

atat23
Path Finder
‎10-03-2016 05:27 AM

no, there is no smtp relay used or setup

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...