Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Email Settings | TLS Handshake

socespap
Explorer
‎01-22-2019 10:05 AM

Hi Splunk Community,

I am trying to setup a TLs communication btw Splunk Entreprise and an email server for sending alerts. Based on three available options - None | SSL | TLS, only none is working properly.

when chose TLS I received the following error "ERROR:root:STARTTLS extension not supported by server. while sending mail to"

01-22-2019 17:57:57.138 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/search/bin/sendemail.py "results_link=https://uh0014:8443/app/search/@go?sid=rt_scheduler__vile__search__RMD50843376f462c8b90_at_154817958..." "ssname=Errors reported (Real Time)" "graceful=True" "trigger_time=1548179876" results_file="/opt/splunk/var/run/splunk/dispatch/rt_scheduler_vilesearch_RMD50843376f462c8b90_at_1548179587_6.45/results.csv.gz"': ERROR:root:STARTTLS extension not supported by server. while sending mail to:

On alert_action.conf file I have the following
[email]
mailserver = smtp.XXXXX
pdf.header_left = none
pdf.header_right = none
use_tls = 1
sslVersions = tls1.2
sslVerifyServerCert = true
use_ssl = 0
from = noreply_siem@XXXXX
reportPaperSize = a4

Any tip?

Sincerely

VML

Tags (1)
Reply

driva
Path Finder
‎01-07-2020 01:11 AM

Hi VML,

I had a similar issue when using Office 365 SMTP settings. Usually it is enough to specify smtp.office365.com however I got the same error as yourself. Try adding the port number at the end of the address within Email Settings.

e.g. smtp.office365.com:587 (587 is default). For Office 365 this works with TLS enabled.

Best wishes,

Dan

0 Karma
Reply

evelenke
Contributor
‎09-17-2019 01:40 AM

Hi, did you resolve this?

0 Karma
Reply

orion44
Communicator
‎02-17-2019 08:26 PM

Same error here, unable to send any emails from Splunk Enterprise.

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...