EDIT: This only appears to work with in-line email commands; alert e-mails still do not seem to work with this fix.
Alright folks, here's what I did to fix this. Remember I'm using AWS as my SMTP server so things might not be the same for you.
First, the STARTTLS issue. It appears that Splunk is not properly reading or setting the variable from the config file, and thus is failing to trip an if statement. You'll need to edit ${SPLUNKHOME}/etc/apps/search/bin/sendemail.py. Our problem is the following bit of code:
if use_tls:
    smtp.starttls()
All that's needed is to change the variable at the beginning of the function, like so:
#use_tls = normalizeBoolean(ssContent.get('action.email.use_tls', False))
use_tls = normalizeBoolean(ssContent.get('action.email.use_tls', True))
With that done, TLS should be functional. However, I ran into a second error:
command="sendemail", (554, "Transaction failed: User name is missing: 'splunk'.") while sending mail to: matthew_blahblah@yaddayadda.com
This is basically AWS telling me the From address is not on the verified senders list. I knew the sender's address in the config file was verified, so after some more digging I found the final piece to the puzzle:
def buildHeaders(argvals, ssContent, email, sid, serverInfoContent):
    sender = ssContent.get("action.email.from", "splunk")
Find that chunk of code and replace "splunk" with your actual from address and you should be good to go! Example for extra clarification:
def buildHeaders(argvals, ssContent, email, sid, serverInfoContent):
    sender = ssContent.get("action.email.from", "splunk@yaddayadda.com")
I hope this helps!
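The following is an added example, not part of the original post and not Splunk's code: a small diagnostic that resolves the two settings the same way the quoted snippets do and reports when a fallback default, rather than a configured value, is in effect. `normalize_boolean`, `audit_email_settings` and the sample dictionaries are hypothetical names and constructed inputs; the sketch assumes `ssContent` behaves like a plain dict, as the `.get` calls above suggest.

```python
from email.utils import parseaddr

# Keys and fallback defaults exactly as they appear in the post's snippets.
DEFAULTS = {"action.email.use_tls": False, "action.email.from": "splunk"}
TRUE_STRINGS = {"1", "true", "t", "yes", "y"}


def normalize_boolean(value):
    """Stand-in for Splunk's normalizeBoolean (assumed behaviour, not Splunk's code)."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in TRUE_STRINGS


def audit_email_settings(ss_content):
    """Resolve both settings like the snippets do and list risky fallbacks."""
    findings = []
    for key, default in DEFAULTS.items():
        if key not in ss_content:
            findings.append(f"{key} not supplied; default {default!r} is used")
    use_tls = normalize_boolean(
        ss_content.get("action.email.use_tls", DEFAULTS["action.email.use_tls"]))
    sender = ss_content.get("action.email.from", DEFAULTS["action.email.from"])
    if not use_tls:
        findings.append("use_tls resolves to False; smtp.starttls() is not called")
    # A bare name such as 'splunk' has no local@domain form.
    local, _, domain = parseaddr(sender)[1].rpartition("@")
    if not local or "." not in domain:
        findings.append(f"From address {sender!r} is not a full address")
    return {"use_tls": use_tls, "sender": sender, "findings": findings}


if __name__ == "__main__":
    # Constructed inputs: the first mimics the symptom in the post (values never
    # reach the script), the second is a fully populated configuration.
    samples = [
        {},
        {"action.email.use_tls": "1",
         "action.email.from": "splunk@yaddayadda.com"},
    ]
    for sample in samples:
        result = audit_email_settings(sample)
        print(result["use_tls"], result["sender"])
        for finding in result["findings"]:
            print("  -", finding)
```

Logging the findings from a check like this shows whether the configured values are reaching the script at all, which is the condition the edited defaults work around.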