Send email from command

wys2010 · ‎10-12-2010

Some customers ask questions about how to send email from web. And I did a test. I input command

"sourcetype="access_combined" |head 10 | sendemail to="michael_wu@ucom.net.cn" format=html subject="web access log" server=cnmail.systex.com.cn"

and received the results form "cnmail.systex.com.cn" which is our company's mail server. When I rewrite the command as follow

sourcetype="access_combined" |head 10 | sendemail to="wys23@sina.com" format=html subject="web access log" server=smtp.sina.com.cn"

which is a public server I registered. I find error messages "(501, "#5.1.3 Partial domain not allowed: 'Jordan-PC'", 'splunk@Jordan-PC') while sending mail to: wys23@sina.com

Is this a error which is arised from the server smtp.sina.com.cn deny spam mail?

the_wolverine · ‎10-12-2010

Based on the error, its possible that updating the hostname in your alert_actions.conf file will resolve this. The mail is rejected due to "Partial domain not allowed: 'Jordan-PC'". What if you update your hostname to a fully qualified domain name?

ftk · ‎10-12-2010

It appears that your splunk server is not allowed to relay via the smtp.sina.com.cn server. Splunk uses your $LOCALHOST variable to pass to the SMTP server. You might be able to adjust your hostname to be a fully qualified name, the SMTP server might accept it then. Alternatively you could also allow the Splunk server's IP to relay mail.

Any reason you can't just use the cnmail.systex.com.cn that already works to send your email?

Send email from command

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases