Security

WinError 10061: sending reports via email won't work?

bitnapper
Path Finder

I've tried to configure some reports to be send via email. I created a report which runs on a schedule an then send the report via mail. I receive an error like this:

ERROR ScriptRunner [26364 AlertNotifierWorker-3] - stderr from 'C:\Program Files\[..]\sendemail.py "results_link=https://sea:443/app/search/@go?sid=scheduler__myuser__search__RMD5ca1c47b4433f8dbe_at_1675331100_258_5A6150E4-7C97-409F-AC0E-5BC487885B82" "ssname=xxx: myreport" "graceful=True" "trigger_time=1675331129" results_file="C:\Program Files\Splunk\var\run\splunk\dispatch\scheduler__myuser__search__RMD5ca1c47b4433f8dbe_at_1675331100_258_5A6150E4-7C97-409F-AC0E-5BC487885B82\results.csv.gz" "is_stream_malert=False"': ERROR:root:[WinError 10061] Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte while sending mail to: mail@mail.org

I thougt it might be the smtp-gateway but sending mails via | sendemail command works fine.  Also some, but very few, reports go through. Also I checked wether sendmail.py tried to open a connection to the smtp-server but it seems the error comes from sendemail.py trying to open the url in results_link. And that is the point where I do not know what to look for anymore.

Labels (1)
0 Karma

bitnapper
Path Finder

Since the manual sendemail command works, its not the smtp configuration. I checked the occourrences with wireshark and when this error occours, there is no smtp connection at all. This is why I believe its comming from the url when sendemail.py tries to fetch the report.

0 Karma

shivanshu1593
Builder

The error message says that the destination machine is actively refusing the connection request. Have you enabled SSL/TLS in your email configurations in Splunk? Or does the SMTP server expects you to set them up? It could also be an oversized attachment with the report or a certificate issue or even firewall actively blocking the traffic. Some additional context of your situation might help to diagnose this further. Also, are you using Splunk on premises or SplunkCloud?

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...