Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Mail refuses to send to anything other than localhost

atat23
Path Finder
‎09-29-2016 03:32 AM

I am trying to setup an existing instance of Splunk (6.2) to send a scheduled report. In the splunk_python log I am getting:

2016-09-29 11:10:02,417 +0100 ERROR sendemail:356 - [Errno 111] Connection refused while sending mail to: bilbo@theshire.com

2016-09-29 11:10:02,416 +0100 ERROR sendemail:114 - Sending email. subject="Old Toby", results_link="https://splunk:8000/app/hobbits/@go?sid=scheduler__samwise__hobbits__RMD56e9ec5d3df4dd8f4_at_1475143800_7259", recipients="[u'bilbo@theshire.com']", server="localhost"

Issue is the above server value, it should not be localhost, I have changed the email settings to be a local mail server IP and I also tried changing the localhost in sendemail.py script to the IP of the mail server but, according to the log, no matter what I try the automated report is being sent to "localhost".

I've confirmed mail can actually be sent using:

... | sendemail server=10.10.10.10 to=bilbo@theshire.com

And I have successfully received mail without any problems.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

atat23
Path Finder
‎10-04-2016 01:46 AM

I was trying to run this search from a custom app, the report I had setup within the app created a savedsearches.conf and this conf file was automatically populated with default mail settings, so it had the mail server as localhost and the default mail footer, these default values were overriding the custom settings I had setup in server settings > email settings.

View solution in original post

Reply
Solved! Jump to solution
Solution

atat23
Path Finder
‎10-04-2016 01:46 AM

I was trying to run this search from a custom app, the report I had setup within the app created a savedsearches.conf and this conf file was automatically populated with default mail settings, so it had the mail server as localhost and the default mail footer, these default values were overriding the custom settings I had setup in server settings > email settings.

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎09-29-2016 08:55 AM

if you have a smtp relay local, try adding the port : 125.0.0.1:25
in the settings > system >emails, or alert_actions.conf

0 Karma
Reply
Solved! Jump to solution

atat23
Path Finder
‎10-03-2016 05:27 AM

no, there is no smtp relay used or setup

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...