Description of problem: (I don't see arpwatch listed as a component, assigning to distribution for now.) Arpwatch emails always end up empty although the syslog entry has the MAC address. Version-Release number of selected component (if applicable): arpwatch-2.1a13-9.RHEL4 How reproducible: Always. Steps to Reproduce: 1. Just enable arpwatch and wait. 2. 3. Actual results: Emails are empty. Expected results: Expect MAC addresses to be emailed. Additional info: I also putzed with the OPTIONS line of /etc/sysconfig/arpwatch to no avail. I don't see any errors in the syslog regarding the email trying to be sent. It just ends up empty.
For the record a ~change~ in MAC to IP actually triggers an email with the proper data. It's just a new record that doesn't, I didn't notice the change emails until recently. Cheers, -Ali
Hm, have you made any changes? Sending mail works for me on fresh installed RHEL4. Have you properly installed all mail programs? like sendmail, procmail...
Yes, it works fine. Note that only the ~new~ MAC discoveries send emtype emails but log fine. The changes, as I note in my last update, work fine in the first place. This is a RHEL 4 up2date-d. Sendmail works just fine, outbound emails and the local queue work fine. arpwatch-2.1a13-10.RHEL4 currently and that exhibits the same problem. Hrmm. -Ali
Can you past here a part of logfile, when arpwatch writes log and does not send correct email?
Created attachment 115802 [details] One more time.
I added the attachment because Bugzilla generated an error (two times it failed, first time with no message). The attachement has my update plus the Bugzilla error. Cheers, -Ali
Can you attach a mail which is generated by arpwatch? (With all headers)
http://people.redhat.com/stransky/tcpdump/tcpdump-3.8.2-11.mail.src.rpm Here is a testing version of arpwatch which doesn't delete /tmp/arpwatch.XXXXX files. Those contains mail messages which are sent by sendmail. You can send it manually by "sendmail -odi root /tmp/arpwatch.XXXXX" and investigate if there are any errors...
Any news?
I can work on this during the weekend, haven't had time. Sorry. I'll pull the package and rpmbuild --rebuild it, etc. -Ali
Bloody Bugzilla keeps erroring out on the commit. I rebuilt the SRPM but see no overlap between the tcpdump and arpwatch. Are you sure this is what you want me to do or was posting the SRPM for tcpdump a mistake?
After rebuild, install only arpwatch-2.1a13-11.mail.i386.rpm package which is included in tcpdump source rpm...
Yeah, I noticed that a bit too late. *sigh* I did that but nada, the sendmail -odi root < arpwatch.foo works fine without error and the email comes blank. Did you see my attachment above? That strangeness in the header still appears though. It still looks like the first line for 'hostname' is getting cutof as 'me:'... I tried turning off all anti-spam features, etc. and that didn't help. I thought perhaps mime defang was doing something. No joy. :-/ I've gotta run, sorry for being brain dead this morning. I'll check again later.
Reopen it please, if you find anything new.