|GNARWL(8)||System Manager's Manual||GNARWL(8)|
gnarwl - GNU Neat Autoreply With LDAP
gnarwl [-h] [-c <cfgfile>] [-a <address>] [-s <address>]
gnarwl is an email autoresponder, intended to be a successor to the old vaction(1) program. Since a modern mailserver, usually serves hundreds (or even thousands) of mailaccounts, it is not sensible to give (untrusted) users shell access so they may create/maintain the .forward file, required by vacation(1).
With gnarwl , all user-suplied data is stored within an LDAP database, so there are no per user ".forward" files (or even homedirs) needed. Configuration is conveniently done via one systemwide configfile.
Like the old vacation(1) program, gnarwl accepts incoming mail through stdin, and will send outgoing mail via an external MTA (it even maintains basic commandline compatibility, so it may be used as a drop in replacement).
Several gdbm databases are maintained, in order to make sure, a) mail does not bounce back and force between gnarwl and another automated MUA, b) mailing lists will not be bothered and c) specific local addresses may never produce automatic replies. All these database files may be managed using the damnit(8) program.
gnarwl typically uses one global configurationfile, but a per user setup is also possible using the -c commandline switch. The following keywords are recognized in the configfile:
- map_sender <macroname>
- Binds a macroname (case insensitive), referring to the sender of an incoming email. Defaults to "$sender".
- map_receiver <macroname>
- Binds a macroname (case insensitive), referring to the receiver(s) of an incoming email. Defaults to "$receiver".
- map_subject <macroname>
- Binds a macroname (case insensitive), referring to the subject of an incoming email. Defaults to "$subject".
- map_field <ldapattribute> <macroname>
- Binds a macroname (case insensitive), referring to a field in the resultset, returned by the database. There are no defaults for this directive.
- server_uri <ldap_uri [ldap_uri ...]>
- URI of the databaseserver to query. Multiple URIs can be specified. No default value.
- starttls <0|1>
- Enforce StartTLS on connect. Defaults to 0.
- ca_cert </path/to/certificate>
- Use specified CA cert to validate ldap server certificate. No default value.
- server <address>
- Address of the databaseserver to query. Defaults to localhost.
- port <portnumber>
- Port, the LDAP server listens on. Defaults to 389.
- scope <base|one|sub>
- The scope used for searching the database. Default is "sub".
- login <string>
- Destinguished name to bind with to the LDAP database. Default is to bind anonymously.
- password <string>
- Password to use for binding to the LDAP database. If a password is required to access the server, then the configfile should belong to the gnarwl user and have file permission 0400.
- base <destinguished name>
- Entrypoint of the search. There is no default for this directive, it must be supplied by the administrator.
- protocol <2|3>
- Select protocol to bind to the ldapserver. The default is 3.
- queryfilter <ldap queryfilter>
- Search pattern to match against the database. Defaults to: "(&(mail=$recepient)(vacationActive=TRUE)".
- result <ldap attribute>
- The name of the attribute, that is to be taken as the emailbody. The content of this field will be pasted in between the data found via forceheader and forcefooter directives. Afterwards all remaining macros are expanded in the order of declaration, and the result will be piped through to the MTA.
- blockfiles <directory>
- The directory, where gnarwl stores it's blockfiles. These files are required to keep track on who was sent an automatic reply. Default is: "/var/lib/gnarwl/block/".
- umask <mode>
- What permission to give newly generated database files. The default is 0600.
- blockexpire <number>
- How long (in hours) to block a certain sender/recepient combo. Default is 48 hours. Setting <number> to 0 disables the feature (not recommended). No blockfiles are read/written in this case.
- maxreceivers <number>
- Ignore incoming email, specifying too many receiving addresses. It does not matter, whether these are local or not, as gnarwl doesn't know domains. Default is 256.
- maxheader <number>
- Ignore incoming email with more than this number of header lines. Lines are counted before unfolding them, so a folded line really counts as at least two lines. Default is 256.
- badheaders <filename>
- Path to a database file, containing matching patterns for the mailheader. If an entry stored in this file matches a line in the header exactly, then this mail will be ignored by gnarwl . (useful to avoid sending automatic replies to mailing lists). This feature is deactivated by default.
- blacklist <filename>
- Pointer to a database file, containing emailaddresses, gnarwl is not allowed to generate automatic replies for (useful to prevent automatic replies from addresses, which are shared by several people). This feature is deactivated by default.
- forceheader <filename>
- Path to a text file, containing a standardized header, that is to be pasted in front of every outgoing mail. This file should end with a single empty line. Otherwise it is assumed, that the users are allowed to continue the header and will provide the separating empty line themselves. Default is not to force anything (that is: The user has to supply the header in the "result" attribute).
- Path to a text file, containing a standardized footer, that is to be appended at the end of every generated mail. Default is to not to force anything.
- mta <prog> [<args>]
- Specify MTA for sending mail. It must be able to accept mail on STDIN. Default is "/usr/sbin/sendmail".
- charset <encoding>
- LDAP stores text in unicode, which is ok, as long as outgoing mail doesn't contain any non ASCII characters. However, locale specific characters (like german umlaute) end up as strange glyphs. With the "charset" directive, gnarwl tries to convert these to the correct symbols. The <encoding> argument must contain a string recognized by iconv(3). Default is not to try to convert anything (assume US-ASCII charset / MIME encoded mail).
- recvheader <string>
- A whitespace separated list of headers (case does not matter), which may contain receiving addresses. Defaults to: "To Cc".
- loglevel <0|1|2|3>
- Specifies what to send to the syslog. A higher loglevel automatically includes all lower loglevels (see section syslog for more information).
- deref <never|search|find|always>
- Controls what LDAP alias dereferencing will be performed. Default is "find".
Since gnarwl is not meant to be invoked by anything but the mailsystem, it'll never print out messages to the systemconsole, but logs them via syslog(3), using the facility "mail". A log line is always of the following format:
The <level> field indicates the severity of the message, it corresponds to the "loglevel" config directive. Possible values are:
- CRIT (loglevel 0)
- Critical messages. gnarwl cannot continue and will die with a non-zero exit code. This usually causes the mailsystem to bounce mail.
- WARN (loglevel 1)
- A warning. gnarwl can will continue, but not with the full/intended functionality.
- INFO (loglevel 2)
- Status information. A message in the INFO loglevel indicates normal behaviour.
- DEBUG (loglevel 3)
- Debugging information. gnarwl will log a lot of information on how mail is processed.
The <origin> field gives a short hint about what caused the log entry in question, while <message> contains a short description of what actually happened.
Patrick Ahlbrecht <firstname.lastname@example.org>