Bug#998515: arpwatch generates malformed emails.
Thanks for providing the details! Unfortunately I still don't have a good idea of what could be causing the broken/truncated mails you're seeing. I have a very similar setup and things are working fine here. The way arpwatch creates and sends reports is roughly as follows: * Create a temporary file in /tmp, immediately unlink it (but keep the file descriptor open). * Write the report to that file descriptor. The report has all the headers first, followed by two newlines and finally the body. * Once finished writing the report, seek the file descriptor back to position 0, launch sendmail and pass the file descriptor to it as standard input. Looking at the broken e-mails you attached, it appears that sendmail doesn't receive the complete content of the report but it starts at some offset (not always exactly the same). I'm not yet sure how that can happen. Can you check that your filesystem in /tmp isn't (almost) full? Also make sure no other filesystem is (almost) full (I believe postfix spools e-mails to somewhere in /var). If that doesn't help, my best ideas are: 1. Launch arpwatch by hand using the `-d` flag but with otherwise same parameters. That should print the reports to standard error so we can see if those are truncated as well. 2. Write a dummy sendmail replacement that just copies the reports somewhere, then direct arpwatch to use that instead. Then check if those reports are truncated as well. I'm happy to help with (2) if we're still uncertain after all the other steps. Thanks & regards Lukas
Bug#998515: arpwatch generates malformed emails.
"ps -U arpwatch -F" output UID PIDPPID CSZ RSS PSR STIME TTY TIME CMD arpwatch 10821 1 0 3044 6124 1 Nov04 ?00:00:01 /usr/sbin/arpwatch -u arpwatch -i eth0 -f eth0.dat -N -p -F "dpkg -S /usr/lib/sendmail" output postfix: /usr/lib/sendmail
Bug#998515: arpwatch generates malformed emails.
Control: tags -1 + moreinfo Hi Yanko, thanks for your report! Please help me to understand what's happening by providing the following information: * How exactly is arpwatch invoked? Please provide the output of `ps -U arpwatch -F` or (in case that doesn't show any processes) `ps -eF | grep arpwatch`. * The output of `dpkg -S /usr/lib/sendmail` so I know which Debian package is providing the /usr/lib/sendmail binary installed in your system. Thanks Lukas
Bug#998515: arpwatch generates malformed emails.
Package: arpwatch Version: 2.1a15-8 Severity: important Dear Maintainer, After I installed arpwatch apt-get install arpwatch and enabled it systemctl enable arpwatch@eth0 systemctl start arpwatch@eth0 arpwatch sends malformed emails (no subject, mail body prefix truncated, mail body inside mail headers) such as the attached examples. -- System Information: Debian Release: 11.1 APT prefers stable APT policy: (700, 'stable'), (500, 'stable-updates'), (500, 'stable-security'), (400, 'testing'), (100, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.11.22-5-pve (SMP w/4 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages arpwatch depends on: ii adduser 3.118 ii gawk 1:5.1.0-1 ii init-system-helpers 1.60 ii libc62.31-13+deb11u2 ii libpcap0.8 1.10.0-2 ii lsb-base 11.1.0 Versions of packages arpwatch recommends: ii ieee-data 20210605.1 arpwatch suggests no packages. -- no debconf information --- Begin Message --- : eth0 ethernet address: ea:c7:4b:97:6b:12 ethernet vendor: timestamp: Thursday, November 4, 2021 13:36:54 -0400 --- End Message --- --- Begin Message --- --- End Message --- --- Begin Message --- --- End Message --- --- Begin Message --- --- End Message --- --- Begin Message --- --- End Message --- --- Begin Message --- --- End Message --- --- Begin Message --- eth0 ethernet address: 12:26:18:43:ef:30 ethernet vendor: timestamp: Thursday, November 4, 2021 13:37:37 -0400 --- End Message --- --- Begin Message --- : eth0 ethernet address: 08:1f:71:05:d5:0c ethernet vendor: TP-LINK TECHNOLOGIES CO.,LTD. timestamp: Thursday, November 4, 2021 13:38:07 -0400 --- End Message --- --- Begin Message --- --- End Message --- --- Begin Message --- interface: eth0 ethernet address: 04:d9:f5:ac:23:54 ethernet vendor: ASUSTek COMPUTER INC. timestamp: Thursday, November 4, 2021 13:42:33 -0400 --- End Message --- --- Begin Message --- interface: eth0 ethernet address: 70:8b:cd:9f:23:46 ethernet vendor: ASUSTek COMPUTER INC. timestamp: Thursday, November 4, 2021 13:43:37 -0400 --- End Message --- --- Begin Message --- ethernet address: f4:81:39:de:73:bf ethernet vendor: CANON INC. timestamp: Thursday, November 4, 2021 13:43:46 -0400 --- End Message ---
