We're using Splunk Enterprise version 220.127.116.11 and trying to configure Splunk to send email alerts but cannot make it work. We've tried both Gmail and O365, here are the errors:
1. Email settings: Mail host: smtp.gmail.com:587, Enable TLS, enter Username and password (we use app password for smtp.gmail.com)
--> Error: sendemail:561 - (530, b'5.7.0 Authentication Required. Learn more at\n5.7.0 https://support.google.com/mail/?p=WantAuthError 5-20020a17090a1a4500b00274e610dbdasm2199058pjl.8 - gsmtp', 'email@example.com') while sending mail to: receive@....
2. Email settings: Mail host: smtp.office365.com:587, Enable TLS, enter Username and password (username and password can login to Outlook successfully)
--> Error: sendemail:561 - (530, b'5.7.57 Client not authenticated to send mail. [SGAP274CA0001.SGPP274.PROD.OUTLOOK.COM 2023-09-21T02:01:45.399Z 08DBB9CB1E03821B]', 'firstname.lastname@example.org') while sending mail to: receive@....
After upgrading to v91.1. I also ran into that issue, but only for Windows machines that had Splunk Enterprise installed. The Linux installations were not affected.
I fixed it by replacing the ...\Splunk\etc\apps\search\bin\sendemail.py with an older version. Now I am getting integrity check errors, but e-mail alerts work fine.
There is another post that says this issue might be fixed in v9.1.2. Let's see.. https://community.splunk.com/t5/Splunk-Enterprise/What-is-happening-in-Splunk-Enterprise-V9-1-0-1/m-...