Security

ERROR [Errno 111] Connection refused while sending mail to:

npandith
Explorer

We are running splunk 4.2.3 on RHEL 5.I am scheduling a job in windows app and email the results to my email id but i am not receiving any emails from splunk server. I am seeing these below connection refused errors in python.log

2011-11-03 21:19:01,489 ERROR Sending email. subject="Splunk Alert: windows failed", results_link="https://splunk_server_name:8000/app/windows/@go?sid=scheduler__admin__windows_d2luZG93cyBmYWlsZWQ_at...", recepients="['foo@bar.com', '', '']"
2011-11-03 21:19:01,489 ERROR [Errno 111] Connection refused while sending mail to: foo@bar.com

There are no issues with firewall or iptables. I am able to send emails from the actual splunk server itself but not from the alert/report. I configured "Link Hostname" to the ip of the server, server hostname, left it blank but still no luck.

Tags (1)

gordo32
Communicator

I ran into this as well. This happened after I copied some alert from another system to setup on a new search head.

The problem turned out to be that I created the alerts before configuring the mail server in Splunk, so the alerts had this statement in savedsearches.conf:
action.email.mailserver = localhost

Manually edited savedsearches.conf to remove this (as well as action.email.from, which was "splunk").

After restarting Splunk, the alerts mail properly.

0 Karma

npandith
Explorer

In "Mail Server Settings" the mail host was set to localhost and hence it was not sending emails when i ran the report. Now i have configured mail host with the mail server host name and now email are triggering fine from the splunk.

Takajian
Builder

I am not sure the root cause of the issue. But sendemail command may help you to isolate the issue. You will know more if smtp setting is correct or semdemail python command is ok or network issue...

... | sendemail to="elvis@splunk.com,john@splunk.com" format=html subject=myresults server=mail.splunk.com

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Sendemail

Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...