HOWTO: on vacation autoreply with Postfix/LDAP and Gnarwl

If your users are asking for an autoreply feature when they’re on vacation, and you are currently using postfix as MTA with a LDAP backend for authentication, IMO the best solution is to use Gnarwl and configure it following these simple steps:

  • download the most recent Gnarwl’s tarball in a place of choice
  • unpack it and install it with
    make install
    make perm

    this will install Gnarwl under /usr/local and do all the dirty work (creating the gnarwl local user for example, check your /etc/passwd )
  • edit /usr/local/etc/gnarwl.cfg to look like this:
    map_sender $sender
    map_receiver $recepient
    map_subject $subject
    map_field $fullname cn
    port 389
    scope sub
    protocol 3
    base ou=Users,dc=YOURCOMPANY,dc=com
    queryfilter (&(mail=$recepient)(vacationActive=active))
    result vacationInfo
    blockfiles /usr/local/var/lib/gnarwl/block/
    umask 0644
    blockexpire 6
    mta /usr/sbin/sendmail -t $recepient
    maxreceivers 64
    maxheader 512
    charset ISO8859-15
    badheaders /usr/local/var/lib/gnarwl/badheaders.db
    blacklist /usr/local/var/lib/gnarwl/blacklist.db
    forceheader /usr/local/var/lib/gnarwl/header.txt
    forcefooter /usr/local/var/lib/gnarwl/footer.txt
    recvheader To Cc

    vacationActive and vacationInfo are two attibutes that have to exist in the LDAP schema you’re using for your users. Obviously you can use whatever attribute you prefer, you simple have to literally change the vacationActive/vacationInfo in this config with your own attributes, keeping in mind that vacationActive is used to check if autoreply is enabled or not for that particular user and vacationInfo it’s the text that is being used as a reply (note: you can use CR/LF in it, to obtain a multiline text). The other parameter that deserves a comment is blockexpire: here you can put the amount of time (in hours) during wich an autoreply to the same sender will not be sent. For example, if tries to send a mail to, he will receive the vacation message. But, as in our config example, john sends another message within 3 hours, he won’t get any message at all. He has to wait 3 more hours to get notified again (blockexpire was set to 6 hours, remember)
  • as the doc/INSTALL file in Gnarwl says, the quick-and-dirty way to enable Gnarwl in a postfix installation (this is the method I’m using, too :) is to edit /etc/postfix/ and simply add the linealways_bcc=gnarwlThis works by delivering every message to the local gnarwl user (even if you are in a virtual environment), which has a .forward file that pipes everything to the gnarwl binary program, which takes care of everything
  • Now, the final step: to activate the vacation message for one of your customer, simply edit your LDAP data, add a vacationActive attribute with an “active” value to the user you want, and add vacationInfo with the text you want. That’s all.

For more info and more detailed configuration instructions, please refer to the doc/INSTALL file in your gnarwl tarball.


26 thoughts on “HOWTO: on vacation autoreply with Postfix/LDAP and Gnarwl

  1. Thanks for the tip about CR/LF in gnarwl, I hadn’t tried it yet, but checked google for gnarwl and cr. Your blog was the first that came up. Now at least I can code the php interface without thinking it was in vain

  2. Thanks to you for your comment :)
    One more thing I’ve noticed while using the autoreply with CR/LF: using PhpLDAPAdmin I can copy&paste multilines text only with Firefox under Linux, it doesn’t work with the Windows version, it pastes only the first line.

  3. I’m coding a PHP frontend this afternoon with a multiline textbox…Not sure if it’s going to work, but I’ll let you know. I’m the sysadmin at an ISP and I’m coding a customer side form. I’ll be damned if I’d modify through ldapadmin for every customer ;)

  4. It does indeed work. An HTML textbox as the input, and modifying the LDAP attribute with it works perfectly.

  5. Hi

    Thanks for the doc. I have found an issue though that I hope you can help with. The always_bcc is processed prior to an alias being resolved to its real mailbox address.

    When an email is sent to an alias gnawrl uses the alias name for the ldap lookup and as the alias does not have the vacationActive parameter set it returns no match.

    The alias is then resolved to the real mailbox and the mail delivered but no ldap lookup is done against the real mailbox.

    hope this make sense and you can help


  6. Good point! You’re right, this happens to me as weel, but I’ve never discovered it until you pointed it out. So, I have no answer for you right now, I’ll investigate it a bit and I’ll update the post in the case I find a solution.

    Thanks for your comment :)

  7. To address the alias resolving problem I’m using the recipient_bcc_maps option The map performs a LDAP lookup which checks for the vacationActive attribute as well as alternate recipients addresses (query_filter). A successful query returns the users mail attribute (result_attribute) . The incoming message is bcc’d to a virtual autoreply.yourdomain subdomain (result_format = %u@autoreply.yourdomain). A postfix transport map (autoreply.yourdomain gnawrl:yourdomain) then forwards the message to gnarwl which is defined as an pipe interface in The recipient address to be processed by gnarwl (query_filter) is explicitly set with “-a ${user}@${nexthop}” (argv) in In this case the address matches the users mail attribute in LDAP.

    I hope this probably short howto is of any help…

    • The other option is just to include the aliases in the LDAP filter as well, as such:

  8. So,
    Anybody has written a web interface to update users to set their vacation messages? It will be great to see a download link for such page in this tutorial also..

  9. I do have one for our intranet. I’m planning to adapt it a little bit for public consumption and then release it here. It’s just a little dirty PHP script and nothing more, but it works :)

  10. Hello all,

    I am having trouble with the gnarwl search filter, can anyone help?

    I am using the following search criteria:

    queryfilter (&(audio=$recepient)(vacationActive=TRUE))

    I get the following in the mail.log:

    gnarwl[9599]: DEBUG/MAIL Code: 6 MessageID:
    gnarwl[9599]: DEBUG/LDAP No match: (

    Does anyone know why this occurs?

  11. hm, strong emphasis is not so strong in my last post :?
    you had recEpient, maybe that just doesn’t match the ldap field name …

  12. Regarding the alias issue – you could probably tailor the queryfilter (&(mail=$recepient)(vacationActive=active)) so that is searches for $recipient in mail or also the attribute used for aliases (e.g. I use maildrop). I’m about to try setting up gnarwl with LDAP so I’ll post back how I went. I’m thinking this might work:


  13. Thanks to the howto and the comments on this page (and a lot of head scratching), I managed to get gnarwl working.

    I still have a problem though. If I send an email to two adresses that have autoreply active, I only get the autoreply from the first adresse, not both. Anyone else seen this ?

  14. Hi I have a question, I installed gnarwl v 3.3, every things work well, but I have a problem, when I set the vacation form my the user A, and user B send an email to user A, user B have a bounce with vacation, but user A have bounce too.
    It’s possible send bounce only for the user B ???

    thanks in advance

    • @Gabriele (and others asking): I think you cannot do this, at least without patching and recompiling gnarwl, AFAIK. I will be happy if proven wrong :)

  15. hello man:

    Well I’m tried config postfix, ldap, dovecot and gnarwl but I received some message like as:
    fatal: ldap:transport(0,lock|fold_fix): table lookup problem
    In my transport file have the next lines:
    .autoreply gnarwl:
    and at my file have the next line:
    gnarwl unix – n n – – pipe
    flags=F user=vmail argv=/usr/local/bin/gnarwl -a ${user}@${nexthop} -s ${sender}

    Can you help me ?

  16. Configured an SMTP client for encryption and SASL auth to a relay host but get
    the following error
    Relay access denied (in reply to RCPT TO command))

  17. hello, i have a problem with gnarwl. Every time i try to start gnarwl i get the message :gnarwl[]: DEBUG/MAIL Code: 128 MessageID: No ID found. Any suggestions?

  18. Can anybody help me with this error,

    Postfix says,
    postfix/local[898]: warning: unable to create lock file /usr/bin/gnarwl.lock: Permission denied

    postfix/local[898]: 8F9256041A9: to=, relay=local, delay=0.2, delays=0.14/0.01/0/0.05, dsn=5.2.0, status=bounced (cannot append message to file /usr/bin/gnarwl: cannot open file: Permission denied)

    I’m running gnarwl on,
    # lsb_release -a
    No LSB modules are available.
    Distributor ID: Debian
    Description: Debian GNU/Linux 6.0.3 (squeeze)
    Release: 6.0.3
    Codename: squeeze

    Thank you in advance.

  19. Dear Sir, thanks for such a good document, but i need to apply vacation and forwarding together. I need to know what configuration i need to do in postfix for that

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s