Don't miss out on new posts! Sign up!

Arpwatch SMTP configuration

One of the more obscure sources of information when configuring arpwatch is arpwatch SMTP configuration.  There are so many flavors of linux and SMTP servers, how can you easily setup a vanilla SMTP mechanism to shoot out your arpwatch notifications?

In the second part of the arpwatch series (see part 1 here), I wanted to share with you guys what I used to get arpwatch notifications up and running as well as send the notification emails to my gmail account using port 587.


Arpwatch SMTP Configuration


The easiest small footprint SMTP engine I found for my Ubuntu installation was SSMTP.  You can install SSMTP by the following command in Ubuntu:

sudo apt-get install ssmtp

Once you have installed SSMTP, we need to edit the config file located at:


Below is a sample configuration that you might see for Gmail:

# Config file for sSMTP sendmail
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
[email protected]

# The place where the mail goes. The actual machine name is required no 
# MX records are consulted. Commonly mailhosts are named

# Where will the mail seem to come from?

# The full hostname

# Use SSL/TLS before starting negotiation

# Username/Password
[email protected]

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address

Setting up accounts:

Then to map local system accounts to the email addresses they need to send to:


A sample of how your file might look:

# sSMTP aliases
# Format:   local_account:outgoing_address:mailhub
# Example: root:[email protected]:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.

root:[email protected]


To test mailflow using SSMTP, you can use the following command:

$ echo test | mail -v -s "testing ssmtp setup" [email protected]

Note if you are running this in Ubuntu, you may need to install the mailutils package by running the following:

sudo apt-get install mailutils

Once you install mailutils and run the test script above, you should receive your test email.  Keep in mind that you will need to make sure that your firewall rules allow outbound port 587.

Once you receive the test email, you are ready to configure arpwatch for sending to your Gmail account.

Arpwatch config

Edit the following file:


Add your config for your interface, subnet, and email address you want to send to:

eth0 -a -n -m [email protected]
eth1 -a -n -m
eth2 -a -n -m [email protected]

After following the steps above – installing SSMTP, configuring, arpwatch, and configuring, you should be able to receive notifications for new hosts/changed MAC/IP mappings on your networks:

hostname: test1
ip address:
interface: eth0
ethernet address: 00:11:22:33:44:55
ethernet vendor: VMware
timestamp: Thursday, February 25, 2016 9:54:47 -0600

How does Arpwatch know to use ssmtp for sending email?

If you don’t see anything in the config file above specifying the use of ssmtp, you are correct.  Arpwatch inherently will use the program specified at the /usr/sbin/sendmail symlink (this is location in Ubuntu).  After installing ssmtp, you can edit the /usr/sbin/sendmail symlink and you will see it populated with ssmtp.  Each time it attempts to send email, it utilizes the symlink and executes ssmtp to send email.

Final Thoughts

Arpwatch is a great tool for monitoring network traffic.  The most tricky part is arpwatch smtp configuration.  Hopefully the above steps will help to get your configuration up and running and monitoring MAC/IP quickly.

Part 1 – Arpwatch Home Network Monitor

Don't miss out on new posts! Sign up!

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles


  1. Quick question. How does arpwatch know to use ssmtp to actually send the emails? ssmtp is not a service, and doesn’t listen for connections – you have to run it from the command line. Nowhere in the arpwatch config file does it say to ‘use’ ssmtp.

    1. Arpwatch uses the builtin functionality to use the /usr/sbin/sendmail link to send mail messages. After you install ssmtp, if you look at the symlink for “sendmail under /usr/sbin, it is populated with “ssmtp”. Each time Arpwatch fires off an email message, it launches ssmtp at that point.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.