ArpWatch installation failed

Hi all,

When installing ArpWatch which is possible since CU196, it does not display any errors, however, despite the creation of the conf file (bugged in the wiki?), the service starts in SSH but remains in the STOPPED state in the GUI (Status > Services > ArpWatch).

Here’s what I’ve done in /etc/sysconfig/arpwatch :

INTERFACES="green0 blue0"
ARGS="-f /var/lib/arpwatch/arp.dat"

Then in SSH :

mkdir -p /var/lib/arpwatch
touch /var/lib/arpwatch/arp.dat
chown nobody:nobody /var/lib/arpwatch/arp.dat

I’ve also made other permission changes, but they don’t seem to have any impact on the service startup…

I’m going to relaunch the installation on another clean IPFire from Pakfire to check what’s missing…

According to the wiki, this addon comes with CU 197.

Hi @bbitsch ,

ArpWatch was already present in my IPFire CU196 > PakFire and therefore available for installation.

But that’s not a problem, it’s just a clarification (contrary to what I have read here and there)…

Hi,
I tried the ArpWatch component on a test machine, but I can confirm that it doesn’t work.
The configuration file that needs to be created is missing. Perhaps it would have been better to insert a default one and then let it be modified according to your needs.
I can’t run the service despite the changes made.

1 Like

I made some changes to the wiki so that the configuration file settings match better (arpwatch).

With these changes, the service starts correctly in SSH (/etc/init.d/arpwatch start) and the add-on is functional, however the service still appears as STOPPED in the gui.

Would anyone like to test this new configuration and report any potential shortcomings (rights, etc.) ?

1 Like

Hi, I tried it on a test machine. From what I can see, it works on the green network, not the blue network.
In the graphical interface, I can confirm that it stays red, as if it were in sleep mode.
I also tried enabling email, but it doesn’t seem to send them.
Maybe I need to do more tests on this point to be more precise.

You have added a line to create the directory /var/lib/arpwatch

This is pointless as the directory is created as part of the installed addon and contains the file ethercodes.dat. Therefore there is no need to create the directory.

arpwatch only listens on one interface at a time.

I tried the original /etc/sysconfig/arpwatch and this worked fine with starting arpwatch on green0.

Confirmed by finding /var/run/arpwatch-green0.pid, checking the contents to find the pid and then running ps -p 'pid' to get the process listing for that pid and it shows up as arpwatch, so it is running.

I also confirmed that pressing the green up arrow on the services page causes arpwatch to be started.

The problem with the services page not showing it as running is because the arpwatch initscript only has start, stop & restart and the services page uses the status command to identify if the involved addon is running.

So I believe that your two changes to the wiki are incorrect and should be removed.

EDIT2:
Checking the initscript a bit closer, I think it is designed to be able to run multiple arpwatch instances with different pid’s defined by the interface id.
However, trying the INTERFACES entry with “green0 blue0” did not result in both arpwatch-green0.pid and arpwatch-blue0.pid being created; only the green one was created.

EDIT3:
The INTERFACES variable is being taken in as a list of strings but for some reason in the start section it runs the commands as

Starting ARP Watch on green0… [ OK ]
Starting ARP Watch on green0… [ OK ]

However when running the stop command it takes the INTERFACES list correctly

Stopping ARP Watch on green0… [ OK ]
Stopping ARP Watch on blue0… Not running. [ WARN ]

but of course the blue0 interface arpwatch did not get started and hence it is shown as not running.

Need to figure out why the start code

		for intf in ${INTERFACES}; do
			boot_mesg "Starting ARP Watch on ${intf}..."

			# Create the data file for this interface
			if [ ! -e "/var/lib/arpwatch/${intf}.dat" ]; then
				: > "/var/lib/arpwatch/${intf}.dat"
			fi

			PIDFILE="/var/run/arpwatch-${intf}.pid" \
			loadproc -f \
				/usr/sbin/arpwatch "${args[@]}" \
					-P "/var/run/arpwatch-${intf}.pid" \
					-f "/var/lib/arpwatch/${intf}.dat" \
					-i "${intf}"
		done

is not picking up the second string in the list correctly while the stop code

		for intf in ${INTERFACES}; do
			boot_mesg "Stopping ARP Watch on ${intf}..."
			PIDFILE="/var/run/arpwatch-${intf}.pid" \
				killproc /usr/sbin/arpwatch
		done

is.

EDIT4:
Found out that in my debugging I had set the intf parameter to green0 and I had not removed it after my testing.
Cleared the initscript back to original and tested it with INTERFACES="green0 blue0"
and it works to create both arpwatch-green0.pid and arpwatch-blue0.pid files and both processes can be found running via ps aux
So a statement can be added to the wiki that says for multiple interfaces change the INTERFACES line to a space separated quoted string of the interface names.

2 Likes
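One way a `status` action could check the per-interface pidfiles described above. This is an added example, not the IPFire initscript; the function name, its arguments and the `/proc/<pid>/comm` name check are assumptions, and the exit codes follow the LSB convention for `status`.

```sh
#!/bin/sh
# Added example, not the IPFire initscript: report arpwatch state per interface
# from the pidfiles named in the thread (/var/run/arpwatch-<intf>.pid).
# Exit codes follow the LSB "status" convention:
#   0 = running, 1 = dead but pidfile exists, 3 = not running.

# arpwatch_status "<interfaces>" [pidfile_dir] [expected_process_name]
#   pidfile_dir defaults to /var/run; expected_process_name defaults to
#   "arpwatch" (pass "" to skip the name check). Both extra parameters are
#   assumptions, added so the function can be exercised outside a firewall.
arpwatch_status() {
	run_dir="${2:-/var/run}"
	want="${3-arpwatch}"
	rc=0
	for intf in $1; do
		pidfile="${run_dir}/arpwatch-${intf}.pid"
		if [ ! -r "$pidfile" ]; then
			echo "${intf}: not running (no pidfile)"
			[ "$rc" -eq 0 ] && rc=3
			continue
		fi
		# Keep digits only so a malformed pidfile cannot pass options to kill
		pid=$(tr -cd '0-9' < "$pidfile")
		state="dead"
		if [ -n "$pid" ] && [ "$pid" -gt 0 ] 2>/dev/null && kill -0 "$pid" 2>/dev/null; then
			state="running"
			# Guard against PID reuse: the live process must have the expected name
			if [ -n "$want" ] && [ -r "/proc/${pid}/comm" ]; then
				[ "$(cat "/proc/${pid}/comm")" = "$want" ] || state="dead"
			fi
		fi
		if [ "$state" = "running" ]; then
			echo "${intf}: running (pid ${pid})"
		else
			echo "${intf}: stale pidfile ${pidfile}"
			[ "$rc" -eq 0 ] && rc=1
		fi
	done
	return "$rc"
}

# Stand-alone use: ./arpwatch-status.sh "green0 blue0"
if [ "$#" -gt 0 ]; then
	arpwatch_status "$@"
fi
```

With several interfaces the return code is that of the first interface that is not running, so a single stopped instance is enough for the overall result to be non-zero.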

Hi @bonnietwin,

I have complete confidence in your expertise and thank you for your input and for all your clarifications. I don’t want to interfere with the wiki by adding errors.

Now that I understand the display peculiarity of the arpwatch service that misled me (I’m not an expert!), I will repeat my tests, strictly following your new information.

Thanks !

I have updated the documentation as well and it should not be reflecting the setup.

3 Likes

If anyone is interested, I made a small script that lists and displays the details of the devices monitored by arpwatch; you can of course modify or adapt this script to your liking.

This script works perfectly with my IPfire CU197 amd64.

To use it :

edit new file and copy the contents of the script into it :
nano /usr/local/bin/arpwatch_devices-list.sh

Script content :

#!/bin/sh
# arpwatch_devices-list.sh
# Displays IP, MAC, manufacturer and last date from arpwatch *.dat files

ARP_DIR="/var/lib/arpwatch"
ETHER_FILE="$ARP_DIR/ethercodes.dat"

for DATFILE in "$ARP_DIR"/*.dat; do
	[ -f "$DATFILE" ] || continue
	echo "=== $DATFILE ==="

	# Extract all unique IPs
	IPs=$(strings -a "$DATFILE" | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u)

	for ip in $IPs; do
		# Extract lines around the IP (fixed-string, whole-word match so 10.0.0.1 does not also hit 10.0.0.10)
		raw=$(strings -a "$DATFILE" | grep -F -w -A5 -- "$ip")

		# Original MAC (1 or 2 characters per byte) for manufacturer lookup
		mac=$(echo "$raw" | grep -Eoi '([0-9a-f]{1,2}:){5}[0-9a-f]{1,2}' | head -n1)

		# Manufacturer lookup with the original MAC (exact OUI only; skipped when no MAC was found)
		oui=$(echo "$mac" | cut -d: -f1-3)
		vendor=""
		[ -n "$oui" ] && vendor=$(grep -i "^$oui[[:space:]]" "$ETHER_FILE" | head -n1 | cut -f2-)
		[ -z "$vendor" ] && vendor="(unknown)"

		# MAC version for display: two digits per byte
		mac_display=$(echo "$mac" | awk -F: '{for(i=1;i<=6;i++){if(length($i)==1) $i="0"$i; printf("%s%s",$i,(i<6?":":"\n"))}}')

		# Extract a timestamp if present (10 digits)
		ts=$(echo "$raw" | grep -Eo '[0-9]{10}' | awk '{if($1>1500000000 && $1<2200000000) print $1;}' | head -n1)
		if [ -n "$ts" ]; then
			date=$(date -d "@$ts" '+%Y-%m-%d %H:%M:%S')
		else
			date="(not available)"
		fi

		# Final display
		echo "IP : $ip | MAC : $mac_display | Manufacturer : $vendor | Last view : $date"
	done

	echo
done

Make the script executable :

chmod +x /usr/local/bin/arpwatch_devices-list.sh

Running the script :
/usr/local/bin/arpwatch_devices-list.sh

(Mac addresses partially hidden in the screenshot)

1 Like

How about piping it into column with a | separator for a bit more tarting up? It may not work as you are producing each line separately.

@nickh,

Here is a new version of the script, with some improvements :

#!/bin/sh
# arpwatch_devices-list.sh
# Displays IP, MAC, manufacturer and date from arpwatch *.dat files
ARP_DIR="/var/lib/arpwatch"
ETHER_FILE="$ARP_DIR/ethercodes.dat"

center_text() {
	text="$1"
	width="$2"
	len=${#text}
	if [ "$len" -ge "$width" ]; then
		printf "%s" "$text"
	else
		padding=$(( (width - len) / 2 ))
		printf "%*s%s%*s" "$padding" "" "$text" "$padding" ""
		[ $(( (width - len) % 2 )) -ne 0 ] && printf " "
	fi
}

for DATFILE in "$ARP_DIR"/*.dat; do
	[ -f "$DATFILE" ] || continue
	[ "$(basename "$DATFILE")" = "ethercodes.dat" ] && continue

	echo "=== $DATFILE ==="

	TMP_TABLE=$(mktemp)
	IPs=$(strings -a "$DATFILE" | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u)
	max_vendor_len=8

	for ip in $IPs; do
		# Fixed-string, whole-word match so 10.0.0.1 does not also hit 10.0.0.10
		raw=$(strings -a "$DATFILE" | grep -F -w -A5 -- "$ip")
		mac=$(echo "$raw" | grep -Eoi '([0-9a-f]{1,2}:){5}[0-9a-f]{1,2}' | head -n1)
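		# Exact OUI lookup, first hit only; skipped when no MAC was found
		oui=$(echo "$mac" | cut -d: -f1-3)
		vendor=""
		[ -n "$oui" ] && vendor=$(grep -i "^$oui[[:space:]]" "$ETHER_FILE" | head -n1 | cut -f2-)
		[ -z "$vendor" ] && vendor="(unknown)"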
		[ ${#vendor} -gt $max_vendor_len ] && max_vendor_len=${#vendor}

		mac_display=$(echo "$mac" | awk -F: '{for(i=1;i<=6;i++){if(length($i)==1) $i="0"$i; printf("%s%s",$i,(i<6?":":"\n"))}}')

		ts=$(echo "$raw" | grep -Eo '[0-9]{10}' | awk '{if($1>1500000000 && $1<2200000000) print $1;}' | head -n1)
		if [ -n "$ts" ]; then
			date=$(date -d "@$ts" '+%Y-%m-%d %H:%M:%S')
		else
			date="(not available)"
		fi

		echo "$ip|$mac_display|$vendor|$date" >> "$TMP_TABLE"
	done

	if [ -s "$TMP_TABLE" ]; then
		printf_fmt="%-15s %-20s %-${max_vendor_len}s %-20s\n"

		center_text "IP address" 15; printf " "
		center_text "MAC address" 20; printf " "
		center_text "Manufacturer" $max_vendor_len; printf " "
		center_text "Last view" 20; printf "\n"

		# Numerical sorting on each byte of the IP
		sort -t'.' -n -k1,1 -k2,2 -k3,3 -k4,4 "$TMP_TABLE" | while IFS='|' read -r ip mac vendor date; do
			printf "$printf_fmt" "$ip" "$mac" "$vendor" "$date"
		done
	else
		echo "No results"
	fi

	rm -f "$TMP_TABLE"
	echo
done

2 Likes

Hi,
After countless tests and changes, I can confirm that the system is not sending the email.

1 Like

Hi,

same for me (the email does not go out or is not received)

Look at the ipfire logs for arpwatch and for the mail system.

That should tell you if arpwatch is sending it, if dma is receiving it and if dma is sending it.

Also remember arpwatch will only send an email if a new system is found so for testing you may need to clear out the appropriate .dat file for the interface being tested.

1 Like

I’m attaching the log.
It looks like it’s trying to send the email to the user root@xxx.yyy.
I also have other services that send emails via DMA, and those work perfectly.

23:36:35 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 23:36:35 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
23:36:35 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
23:36:35 dma[1c0891.18d5f0e0]: trying delivery
23:30:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 23:30:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
23:30:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
23:30:22 dma[1c0894.236b90e0]: trying delivery
23:15:35 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 23:15:35 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
23:15:35 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
23:15:35 dma[1c0891.18d5f0e0]: trying delivery
23:13:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 23:13:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
23:13:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
23:13:22 dma[1c0894.236b90e0]: trying delivery
23:05:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 23:05:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
23:05:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
23:05:22 dma[1c0894.236b90e0]: trying delivery
23:05:05 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 23:05:05 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
23:05:05 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
23:05:05 dma[1c0891.18d5f0e0]: trying delivery
23:00:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 23:00:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
23:00:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
23:00:22 dma[1c0894.236b90e0]: trying delivery
23:00:05 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 23:00:05 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
23:00:05 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
23:00:05 dma[1c0891.18d5f0e0]: trying delivery
22:54:05 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 22:54:05 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
22:54:05 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
22:54:05 dma[1c0891.18d5f0e0]: trying delivery
22:53:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 22:53:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
22:53:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
22:53:22 dma[1c0894.236b90e0]: trying delivery
22:28:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 22:28:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
22:28:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
22:28:22 dma[1c0894.236b90e0]: trying delivery
22:28:05 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 22:28:05 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
22:28:05 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
22:28:05 dma[1c0891.18d5f0e0]: trying delivery
22:13:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 22:13:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
22:13:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
22:13:22 dma[1c0894.236b90e0]: trying delivery
22:13:05 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 22:13:05 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
22:13:05 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
22:13:05 dma[1c0891.18d5f0e0]: trying delivery
22:05:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 22:05:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
22:05:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
22:05:22 dma[1c0894.236b90e0]: trying delivery
22:05:05 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 22:05:05 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
22:05:05 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
22:05:05 dma[1c0891.18d5f0e0]: trying delivery
22:00:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 22:00:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
22:00:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
22:00:22 dma[1c0894.236b90e0]: trying delivery
22:00:05 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 22:00:05 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
22:00:05 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
22:00:05 dma[1c0891.18d5f0e0]: trying delivery
21:52:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 21:52:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
21:52:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
21:52:22 dma[1c0894.236b90e0]: trying delivery
21:30:34 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 21:30:34 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
21:30:34 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
21:30:34 dma[1c0891.18d5f0e0]: trying delivery
21:25:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 21:25:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
21:25:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
21:25:22 dma[1c0894.236b90e0]: trying delivery
21:13:34 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 21:13:34 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
21:13:34 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
21:13:34 dma[1c0891.18d5f0e0]: trying delivery
21:13:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 21:13:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
21:13:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
21:13:22 dma[1c0894.236b90e0]: trying delivery
21:05:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 21:05:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
21:05:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
21:05:22 dma[1c0894.236b90e0]: trying delivery
21:05:04 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 21:05:04 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
21:05:04 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
21:05:04 dma[1c0891.18d5f0e0]: trying delivery
21:00:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 21:00:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
21:00:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
21:00:22 dma[1c0894.236b90e0]: trying delivery
21:00:04 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 21:00:04 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
21:00:04 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
21:00:04 dma[1c0891.18d5f0e0]: trying delivery
20:39:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 20:39:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
20:39:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
20:39:22 dma[1c0894.236b90e0]: trying delivery
20:34:34 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 20:34:34 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
20:34:34 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
20:34:34 dma[1c0891.18d5f0e0]: trying delivery
20:19:22 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 20:19:22 	dma[1c0894.236b90e0]: 	error creating mbox root’
20:19:22 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
20:19:22 dma[1c0894.236b90e0]: trying delivery
20:16:34 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 20:16:34 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
20:16:34 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
20:16:34 dma[1c0891.18d5f0e0]: trying delivery
20:07:52 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 20:07:52 	dma[1c0894.236b90e0]: 	error creating mbox root’
20:07:52 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
20:07:52 dma[1c0894.236b90e0]: trying delivery
20:05:04 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 20:05:04 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
20:05:04 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
20:05:04 dma[1c0891.18d5f0e0]: trying delivery
20:02:52 dma[1c0894.236b90e0]: local delivery deferred: can not create /var/mail/root' 20:02:52 	dma[1c0894.236b90e0]: 	error creating mbox root’
20:02:52 dma[1c0894.236b90e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
20:02:52 dma[1c0894.236b90e0]: trying delivery
20:02:52 dma[1c0894]: mail to= queued as 1c0894.236b90e0
20:02:52 dma[1c0894]: new mail from user=root uid=8 envelope_from=<>
20:02:52 dma[1c03b8.2360fa80]: delivery failed, bouncing as 1c0894
20:02:52 dma[1c03b8.2360fa80]: remote delivery to mail.xxx.yyy [185.56.$$$.$$$] failed after RCPT TO: 550-Verification failed for ^M 550-The mail server does not recognize root@fwi5.xxx.yyy as a valid sender.^M 550 Sender verify failed
20:02:52 dma[1c03b8.2360fa80]: using SMTP authentication for user fw@xxx.yyy
20:02:52 dma[1c03b8.2360fa80]: Server supports LOGIN authentication
20:02:52 dma[1c03b8.2360fa80]: Server does not support STARTTLS
20:02:52 dma[1c03b8.2360fa80]: Server greeting successfully completed
20:02:52 dma[1c03b8.2360fa80]: SSL initialization successful
20:02:51 dma[1c03b8.2360fa80]: trying remote delivery to mail.xxx.yyy [185.56.$$$.$$$] pref 0
20:02:51 dma[1c03b8.2360fa80]: using smarthost (mail.xxx.yyy:465)
20:02:51 dma[1c03b8.2360fa80]: trying delivery
20:02:51 dma[1c03b8]: mail to= queued as 1c03b8.2360fa80
20:02:51 dma[1c03b8]: new mail from user=root uid=8 envelope_from=
20:00:04 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 20:00:04 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
20:00:04 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
20:00:04 dma[1c0891.18d5f0e0]: trying delivery
19:47:04 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 19:47:04 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
19:47:04 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
19:47:04 dma[1c0891.18d5f0e0]: trying delivery
19:27:04 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 19:27:04 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
19:27:04 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
19:27:04 dma[1c0891.18d5f0e0]: trying delivery
19:19:04 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 19:19:04 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
19:19:04 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
19:19:04 dma[1c0891.18d5f0e0]: trying delivery
19:14:04 dma[1c0891.18d5f0e0]: local delivery deferred: can not create /var/mail/root' 19:14:04 	dma[1c0891.18d5f0e0]: 	error creating mbox root’
19:14:04 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
19:14:04 dma[1c0891.18d5f0e0]: trying delivery
19:14:04 dma[1c0891]: mail to= queued as 1c0891.18d5f0e0
19:14:04 dma[1c0891]: new mail from user=root uid=8 envelope_from=<>
19:14:04 dma[1c088a.18cb5a80]: delivery failed, bouncing as 1c0891
19:14:04 dma[1c088a.18cb5a80]: remote delivery to mail.xxx.yyy [185.56.$$$.$$$] failed after RCPT TO: 550-Verification failed for ^M 550-The mail server does not recognize root@fwi5.xxx.yyy as a valid sender.^M 550 Sender verify failed
19:14:04 dma[1c088a.18cb5a80]: using SMTP authentication for user fw@xxx.yyy
19:14:04 dma[1c088a.18cb5a80]: Server supports LOGIN authentication
19:14:04 dma[1c088a.18cb5a80]: Server does not support STARTTLS
19:14:04 dma[1c088a.18cb5a80]: Server greeting successfully completed
19:14:04 dma[1c088a.18cb5a80]: SSL initialization successful
19:14:04 dma[1c088a.18cb5a80]: trying remote delivery to mail.xxx.yyy [185.56.$$$.$$$] pref 0
19:14:04 dma[1c088a.18cb5a80]: using smarthost (mail.xxx.yyy:465)
19:14:04 dma[1c088a.18cb5a80]: trying delivery
19:14:04 dma[1c088a]: mail to= queued as 1c088a.18cb5a80
19:14:04 dma[1c088a]: new mail from user=root uid=8 envelope_from=
12:45:03 dma: can not open auth file /var/ipfire/dma/auth.conf': Permission denied 12:40:57 	dma: 	can not open auth file /var/ipfire/dma/auth.conf’: Permission denied
12:38:41 dma: can not open auth file /var/ipfire/dma/auth.conf': Permission denied 12:38:41 	dma: 	can not open auth file /var/ipfire/dma/auth.conf’: Permission denied

This is saying the email address was not recognised by the server it was being sent to.

I am not totally sure but it might be related to a patch that has been raised in next with the commit message:

arpwatch invokes sendmail without passing the envelope sender
explicitly. This causes that mails can get rejected if the From: header
does not match the envelope sender.

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=c2eba600d753df95a81707f7da0ab172ed864ab0

I also have found comments that say this message gets sent by the mail server being used when the name in the From: field differs from the actual mailbox account name. That is why I think it may be related to the patch fix that has been merged into Next.

In the interim try changing the email address in your arpwatch config file to the actual mailbox account email address, ie replace the root part in root.fwi5.xxx.yyy with the actual account name you use with your email server.
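The dma messages discussed above can be grouped per message id to separate the remote rejection from the local mailbox errors. This is an added example, not code from the thread; the log lines are constructed from the messages quoted in it, with placeholder host names and addresses, and the function names are made up here.

```sh
#!/bin/sh
# Added example, not from the thread: group dma log lines by message id and
# report why each message did not leave the firewall.

# Constructed sample, modelled on the log lines posted in the thread.
sample_dma_log() {
	cat <<'EOF'
19:14:04 dma[1c088a]: new mail from user=root uid=8 envelope_from=<root@fw.example.invalid>
19:14:04 dma[1c088a]: mail to=<admin@example.invalid> queued as 1c088a.18cb5a80
19:14:04 dma[1c088a.18cb5a80]: trying delivery
19:14:04 dma[1c088a.18cb5a80]: using smarthost (mail.example.invalid:465)
19:14:04 dma[1c088a.18cb5a80]: remote delivery to mail.example.invalid [192.0.2.25] failed after RCPT TO: 550 Sender verify failed
19:14:04 dma[1c088a.18cb5a80]: delivery failed, bouncing as 1c0891
19:14:04 dma[1c0891]: new mail from user=root uid=8 envelope_from=<>
19:14:04 dma[1c0891]: mail to=<root> queued as 1c0891.18d5f0e0
19:14:04 dma[1c0891.18d5f0e0]: trying delivery
19:14:04 dma[1c0891.18d5f0e0]: cannot execute /usr/lib/dma-mbox-create: No such file or directory
19:14:04 dma[1c0891.18d5f0e0]: local delivery deferred: can not create `/var/mail/root'
19:19:04 dma[1c0891.18d5f0e0]: trying delivery
19:19:04 dma[1c0891.18d5f0e0]: local delivery deferred: can not create `/var/mail/root'
EOF
}

# Reads dma log lines on stdin (any order) and prints "<message-id> <verdict>",
# one line per message, sorted by id. Lines without a dma[...] id are ignored.
triage_dma_log() {
	awk '
	match($0, /dma\[[0-9a-f.]+\]/) {
		id = substr($0, RSTART + 4, RLENGTH - 5)
		sub(/\..*$/, "", id)     # 1c088a.18cb5a80 -> 1c088a
		seen[id] = 1
		if ($0 ~ /failed after RCPT TO/ && $0 ~ /Sender verify failed/)
			rejected[id] = 1
		if ($0 ~ /local delivery deferred/)
			deferred[id]++
		# "bouncing as X" links the bounce message X back to this message
		if (match($0, /bouncing as [0-9a-f]+/))
			bounce_of[substr($0, RSTART + 12, RLENGTH - 12)] = id
	}
	END {
		for (id in seen) {
			if (id in rejected)
				verdict = "rejected-sender-verify"
			else if (id in deferred)
				verdict = "local-deferred=" deferred[id]
			else
				verdict = "no-failure-logged"
			if (id in bounce_of)
				verdict = verdict " bounce-of=" bounce_of[id]
			print id, verdict
		}
	}' | LC_ALL=C sort
}

# Stand-alone use: ./dma-triage.sh /path/to/exported-mail-log
if [ "$#" -gt 0 ]; then
	triage_dma_log < "$1"
fi
```

In the sample, the message that keeps being deferred locally is the bounce of the message the smarthost rejected, which is the relationship the `bouncing as` line in the posted log expresses.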

I think it looks like a typo with a trailing after root, so root’?

As mentioned, the DMA service is used by other services and works very well.
I checked the configuration, but it appears to be correct.

Those errors are to do with trying to create a local mailbox in /var/mail/ but for some reason it fails. Looking in my logs I was getting that before I installed the arpwatch addon.

The message in my log is

11:00:01 dma[1a0761.a6b0a90]: error creating mbox `root’

so there is an extra quote.

For the sending of the mail from arpwatch via dma, I installed arpwatch, set up the same email to send to for the WATCHER as I use for the mail recipient in the Mail Service WUI page.

I then restarted arpwatch and then started up a new machine on the network, that was not in the list and after 15 minutes (arpwatch polls every 15 minutes) the .dat file was updated with the new entry and I received an email with the information.

I am using a local mail server for all messages within my local network and it does not have sender verification set up.
I checked the source of the email I received and the sender-from address and the From: address are not the same

(envelope-from root@fqdn-of-ipfire)
From: WATCHEE-email-address

If your email server being used is doing sender verification then the above would fail as these two would be expected to match.

So I believe you need to set the WATCHEE email address in your arpwatch config file to root@fqdn-of-your-ipfire to make it work, but I could also be wrong and you might need to wait for the patch fix release version.

I will try and test out if I set the WATCHEE to root@fqdn-of-ipfire does it then give the sender envelope and From: as the same.
EDIT:
I just ran the test and it matched the two names perfectly for me. So try setting your WATCHEE setting to root@fqdn-of-your-ipfire that should make your sender envelope the same as the From: address and might work with your mail server.
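The comparison made above by reading the source of a received mail can be scripted. This is an added example, not code from the thread; the sample message is constructed with placeholder addresses, the function names are made up here, and it assumes the receiving server records the envelope sender as `(envelope-from …)` in its Received: header, as in the excerpt quoted in the post.

```sh
#!/bin/sh
# Added example, not from the thread: compare the envelope sender recorded by
# the receiving mail server with the From: header of the same message.

# Constructed sample message; $1 is the address to put in the From: header.
sample_message() {
	cat <<EOF
Received: from fw.example.invalid (fw.example.invalid [192.0.2.1])
	by mail.example.invalid with esmtp
	(envelope-from <root@fw.example.invalid>)
	id 1c088a; Mon, 01 Jan 2024 19:14:04 +0000
From: Arpwatch <$1>
To: admin@example.invalid
Subject: new station

(envelope-from body@example.invalid) in the body must be ignored
EOF
}

# Reads one raw message on stdin and prints one of:
#   aligned <addr> | mismatch envelope=<addr> from=<addr> | unknown
check_sender_alignment() {
	awk '
	function addr(s) {   # reduce "Name <a@b>" or "<a@b>" to a@b, lower-cased
		if (match(s, /<[^>]*>/)) s = substr(s, RSTART + 1, RLENGTH - 2)
		gsub(/[ \t]/, "", s)
		return tolower(s)
	}
	function take(h) {   # inspect one complete (unfolded) header
		if (h ~ /^[Ff][Rr][Oo][Mm]:/) {
			sub(/^[^:]*:/, "", h)
			from = addr(h)
		} else if (env == "" && h ~ /^[Rr]eceived:/ &&
		           match(h, /\(envelope-from [^)]*\)/)) {
			# topmost Received: header = last hop that accepted the mail
			env = addr(substr(h, RSTART + 15, RLENGTH - 16))
		}
	}
	/^$/     { exit }                       # blank line ends the header block
	/^[ \t]/ { hdr = hdr " " $0; next }     # folded continuation line
	         { take(hdr); hdr = $0 }
	END {
		take(hdr)
		if (env == "" || from == "") print "unknown"
		else if (env == from) print "aligned " env
		else print "mismatch envelope=" env " from=" from
	}'
}

# Stand-alone use: ./sender-alignment.sh saved-message.eml
if [ "$#" -gt 0 ]; then
	check_sender_alignment < "$1"
fi
```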