Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why my sendemail.py for alerts gets killed?

sylim_splunk
Splunk Employee
Splunk Employee
‎05-26-2017 03:57 PM

I have several reports set up and configured to send email alerts. But I'm not getting emails which appears due to the below WARN messages. Mostly this happens to the reports running at night, like after 9pm..

05-22-2017 19:05:13.201 +0000 WARN script - Script has timed out and will be killed, maxtime=300sec, script=/opt/splunk/bin/python /opt/splunk/etc/apps/search/bin/sendemail.py '"results_link=https://splunk.mysplunk.com.au/app/search/@go?sid=scheduler__my user_searchRMDb6ea072df8e31633_at_1495479600_37189"' '"ssname=ErrorCode Testing"' '"graceful=True"' '"trigger_time=1495479612"' 'results_file="/opt/splunk/var/run/splunk/dispatch/schedulermyusersearch_RMDb6ea072df8e31633_at_1495479600_37189/results.csv.gz"'

This is my configuration, using amazon email service;
In etc/system/local/alert_actions.conf
mailserver = email-smtp.east.amazonaws.com:25
use_tls = 1

Why it takes more than 5 mins for the sendemail.py to send just short email message?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sylim_splunk
Splunk Employee
Splunk Employee
‎05-26-2017 04:00 PM

This turns out to be caused by the amazon mailserver limiting max daily emails allowed.

https://stackoverflow.com/questions/34694978/why-does-amazon-ec2-limit-port-25/34695131
-- excerpts --
Amazon EC2 imposes default sending limits on email sent via port 25 and throttles outbound connections if you attempt to exceed those limits. To remove these limits, submit a Request to Remove Email Sending Limitations. You can also connect to Amazon SES via port 465 or port 587, neither of which is throttled.

After changing the port 25 to 587 it appears all good now.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sylim_splunk
Splunk Employee
Splunk Employee
‎05-26-2017 04:00 PM

This turns out to be caused by the amazon mailserver limiting max daily emails allowed.

https://stackoverflow.com/questions/34694978/why-does-amazon-ec2-limit-port-25/34695131
-- excerpts --
Amazon EC2 imposes default sending limits on email sent via port 25 and throttles outbound connections if you attempt to exceed those limits. To remove these limits, submit a Request to Remove Email Sending Limitations. You can also connect to Amazon SES via port 465 or port 587, neither of which is throttled.

After changing the port 25 to 587 it appears all good now.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...