Mailclient autoconfiguration: Difference between revisions
No edit summary |
(→Apache) |
||
(16 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
= Providing autoconfiguration for mail clients = | = Providing autoconfiguration for mail clients = | ||
This article explains a solution for autoconfiguration for a set of mail clients which can be configured against a mail system automatically by just entering email address and password. There are three widely used approaches based on Microsoft's autodiscover, [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration Mozilla's autoconfig], and iOS/MacOS provisioning which are relevant to support detecting IMAP and SMTP for client configuration. | This article explains a solution for autoconfiguration for a set of mail clients which can be configured against a mail system automatically by just entering email address and password. There are three widely used approaches to do this via a self hosted lookup method, based on Microsoft's autodiscover, [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration Mozilla's autoconfig], and iOS/MacOS provisioning which are relevant to support detecting IMAP and SMTP server details for client configuration. Another option is solely based on DNS SRV discovery ([https://tools.ietf.org/html/rfc6186 RFC 6186]). | ||
Autodiscover and autoconfig are based on XML schemas. Therefore for very simple deployments it might even be enough to serve some static XML files for both usecases. Please see the respective vendor standard documentation for more details. | |||
In this article we show how to deploy a simple autoconfiguration service based on the open source solution [https://automx.org/en/ automx]. | |||
== Preparations == | |||
The autoconfiguration protocols use several ways to find the XML provided later by automx. In the following section there is listed in which order the protocols are looking for the XML. Depending where you would like to serve the XML files you can choose from those options. | |||
The domain example.org as in those examples are the ones taken from the entered email address. | |||
=== autoconfig === | |||
# http://autoconfig.example.org/mail/config-v1.1.xml | |||
# http://example.org/.well-known/autoconfig/mail/config-v1.1.xml | |||
=== autodiscover === | |||
# https://example.org/autodiscover/autodiscover.xml | |||
# https://autodiscover.example.org/autodiscover/autodiscover.xml | |||
# DNS SRV lookup for autodiscover.tcp.example.org | |||
=== DNS SRV === | |||
A DNS SRV entry for autodiscover would look like this: | |||
_autodiscover._tcp IN SRV 0 0 443 $HOSTNAME.example.org. | |||
The following DNS SRV records can be used to provide configuration hints for mail clients supporting RFC 6186: | |||
_submission._tcp SRV 0 1 587 mail.example.org. | |||
_imap._tcp SRV 2 1 143 imap.example.org. | |||
_imaps._tcp SRV 1 1 993 imap.example.org. | |||
_pop3._tcp SRV 4 1 110 pop3.example.org. | |||
_pop3s._tcp SRV 3 1 995 pop3.example.org. | |||
== automx == | |||
=== Installation === | |||
Please note, the current versions of automx2 do neither support DAV nor the OX service extensions for autodiscover. It currently only supports IMAP and SMTP services. | |||
For manual installation please refer to the [https://automx.org/en/#download automx download instructions]. | |||
RPM packages for SUSE and RHEL flavours are provided by the [https://software.opensuse.org/package/automx Open Build Service]. Those packages are currently version 0.10.2 with the above patches applied and are working with Python 2. | |||
=== Configuration === | |||
==== automx ==== | |||
Please find detailed documentation via '''man automx.conf''' and for more dynamic setups automx_script, automx_ldap and automx_sql. | |||
/etc/automx.conf: | |||
<nowiki> | |||
[automx] | |||
provider = example.org | |||
domains = example.org, example.com | |||
debug = no | |||
logfile = /var/log/automx/automx.log | |||
# Protect against DoS | |||
memcache = 127.0.0.1:11211 | |||
memcache_ttl = 600 | |||
client_error_limit = 20 | |||
rate_limit_exception_networks = 127.0.0.0/8, ::1/128 | |||
# The DEFAULT section is always merged into each other section. Each section | |||
# can overwrite settings done here. | |||
[DEFAULT] | |||
account_type = email | |||
account_name = example Mail | |||
account_name_short = example Mail | |||
# If a domain is listed in the automx section, it may have its own section. If | |||
# none is found here, the global section is used. | |||
[global] | |||
backend = static | |||
action = settings | |||
# EAS (mobilesync) | |||
server_url = https://eas.example.org | |||
server_name = example | |||
# If you want to sign mobileconfig profiles, enable these options. Make sure | |||
# that your webserver has proper privileges to read the key. The cert file | |||
# must contain the server certificate and all intermediate certificates. You | |||
# can simply concatenate these certificates. | |||
#sign_mobileconfig = yes | |||
#sign_cert = /path/to/cert | |||
#sign_key = /path/to/key | |||
smtp = yes | |||
smtp_server = mail.example.org | |||
smtp_port = 587 | |||
smtp_encryption = starttls | |||
smtp_auth = plaintext | |||
smtp_auth_identity = %s | |||
smtp_refresh_ttl = 6 | |||
smtp_default = yes | |||
imap = yes | |||
imap_server = mail.example.org | |||
imap_port = 993 | |||
imap_encryption = ssl | |||
imap_auth = plaintext | |||
imap_auth_identity = %s | |||
imap_refresh_ttl = 6 | |||
pop = yes | |||
pop_server = mail.example.org | |||
pop_port = 995 | |||
pop_encryption = ssl | |||
pop_auth = plaintext | |||
pop_auth_identity = %s | |||
pop_refresh_ttl = 6 | |||
carddav = yes | |||
carddav_server = https://dav.example.org/ | |||
carddav_auth_identity = %s | |||
caldav = yes | |||
caldav_server = https://dav.example.org/ | |||
caldav_auth_identity = %s | |||
ox = yes | |||
ox_server = https://ox.example.org/ | |||
ox_auth_identity = %s | |||
follow = imap_starttls | |||
[imap_starttls] | |||
backend = static_append | |||
imap = yes | |||
imap_server = mail.example.org | |||
imap_port = 143 | |||
imap_encryption = starttls | |||
imap_auth = plaintext | |||
imap_auth_identity = %s | |||
imap_refresh_ttl = 6 | |||
</nowiki> | |||
==== Apache ==== | |||
e.g. /etc/{apache2,httpd}/conf.d/automx.conf: | |||
<nowiki> | |||
<IfModule mod_wsgi.c> | |||
WSGIChunkedRequest On | |||
WSGIScriptAliasMatch \ | |||
(?i)^/.+/(autodiscover|config-v1.1).xml \ | |||
/usr/lib/automx/automx_wsgi.py | |||
WSGIScriptAlias \ | |||
/mobileconfig \ | |||
/usr/lib/automx/automx_wsgi.py | |||
<Directory "/usr/lib/automx"> | |||
Require all granted | |||
</Directory> | |||
</IfModule> | |||
</nowiki> | |||
In case the iOS/MacOS web provisioning should be provided there should also be a /etc/{apache2,httpd}/conf.d/automx-web.conf: | |||
<nowiki> | |||
Alias /automx "/usr/share/automx/" | |||
<Directory "/usr/share/automx"> | |||
Options Indexes MultiViews | |||
Require all granted | |||
</Directory> | |||
</nowiki> | |||
== Related links == | |||
[[Caldav_carddav_Bundles#Autodiscovery|DAV autodiscovery]] | |||
[[Category: Clients]] | [[Category: Clients]] | ||
[[Category: Administrator]] | [[Category: Administrator]] |
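Review bot: in the automx-web.conf block at the end of the added text, `Options Indexes MultiViews` combined with `Require all granted` enables directory listings for everything under /usr/share/automx. Unless the listing is intended, drop `Indexes` and keep `Options MultiViews`. In the Apache automx.conf block, the `WSGIScriptAliasMatch` pattern `(?i)^/.+/(autodiscover|config-v1.1).xml` leaves its dots unescaped and has no trailing `$`, so it routes more paths to automx_wsgi.py than the two file names it is meant for; writing `config-v1\.1` and `\.xml$` would pin it down. The sample /etc/automx.conf also sets `imap_auth = plaintext` for the port 143 STARTTLS section, which deserves a sentence saying that clients must refuse to authenticate if STARTTLS is not offered.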
Latest revision as of 10:20, 28 January 2021
Providing autoconfiguration for mail clients
This article explains how to provide autoconfiguration for mail clients that can set themselves up against a mail system automatically from just an email address and password. Three widely used approaches rely on a self-hosted lookup service: Microsoft's autodiscover, Mozilla's autoconfig, and iOS/MacOS provisioning. All three are relevant for detecting the IMAP and SMTP server details needed for client configuration. Another option relies solely on DNS SRV discovery (RFC 6186).
Autodiscover and autoconfig are based on XML schemas. For very simple deployments it may therefore be enough to serve static XML files for both use cases. Please see the respective vendor documentation for more details.
In this article we show how to deploy a simple autoconfiguration service based on the open source solution automx.
Preparations
The autoconfiguration protocols look for the XML, which automx will later provide, in several places. The following sections list the order in which each protocol tries them. Choose from these options depending on where you would like to serve the XML files.
The domain example.org in these examples stands for the domain taken from the entered email address.
autoconfig
- http://autoconfig.example.org/mail/config-v1.1.xml
- http://example.org/.well-known/autoconfig/mail/config-v1.1.xml
autodiscover
- https://example.org/autodiscover/autodiscover.xml
- https://autodiscover.example.org/autodiscover/autodiscover.xml
- DNS SRV lookup for _autodiscover._tcp.example.org
DNS SRV
A DNS SRV entry for autodiscover would look like this:
_autodiscover._tcp IN SRV 0 0 443 $HOSTNAME.example.org.
The following DNS SRV records can be used to provide configuration hints for mail clients supporting RFC 6186:
    _submission._tcp SRV 0 1 587 mail.example.org.
    _imap._tcp       SRV 2 1 143 imap.example.org.
    _imaps._tcp      SRV 1 1 993 imap.example.org.
    _pop3._tcp       SRV 4 1 110 pop3.example.org.
    _pop3s._tcp      SRV 3 1 995 pop3.example.org.
automx
Installation
Please note that current versions of automx2 support neither DAV nor the OX service extensions for autodiscover. They currently support only IMAP and SMTP services.
For manual installation please refer to the automx download instructions.
RPM packages for SUSE and RHEL flavours are provided by the Open Build Service. Those packages are currently at version 0.10.2 with the above patches applied and work with Python 2.
Configuration
automx
Detailed documentation is available via man automx.conf and, for more dynamic setups, automx_script, automx_ldap and automx_sql.
/etc/automx.conf:
    [automx]
    provider = example.org
    domains = example.org, example.com

    debug = no
    logfile = /var/log/automx/automx.log

    # Protect against DoS
    memcache = 127.0.0.1:11211
    memcache_ttl = 600
    client_error_limit = 20
    rate_limit_exception_networks = 127.0.0.0/8, ::1/128

    # The DEFAULT section is always merged into each other section. Each section
    # can overwrite settings done here.
    [DEFAULT]
    account_type = email
    account_name = example Mail
    account_name_short = example Mail

    # If a domain is listed in the automx section, it may have its own section. If
    # none is found here, the global section is used.
    [global]
    backend = static
    action = settings

    # EAS (mobilesync)
    server_url = https://eas.example.org
    server_name = example

    # If you want to sign mobileconfig profiles, enable these options. Make sure
    # that your webserver has proper privileges to read the key. The cert file
    # must contain the server certificate and all intermediate certificates. You
    # can simply concatenate these certificates.
    #sign_mobileconfig = yes
    #sign_cert = /path/to/cert
    #sign_key = /path/to/key

    smtp = yes
    smtp_server = mail.example.org
    smtp_port = 587
    smtp_encryption = starttls
    smtp_auth = plaintext
    smtp_auth_identity = %s
    smtp_refresh_ttl = 6
    smtp_default = yes

    imap = yes
    imap_server = mail.example.org
    imap_port = 993
    imap_encryption = ssl
    imap_auth = plaintext
    imap_auth_identity = %s
    imap_refresh_ttl = 6

    pop = yes
    pop_server = mail.example.org
    pop_port = 995
    pop_encryption = ssl
    pop_auth = plaintext
    pop_auth_identity = %s
    pop_refresh_ttl = 6

    carddav = yes
    carddav_server = https://dav.example.org/
    carddav_auth_identity = %s

    caldav = yes
    caldav_server = https://dav.example.org/
    caldav_auth_identity = %s

    ox = yes
    ox_server = https://ox.example.org/
    ox_auth_identity = %s

    follow = imap_starttls

    [imap_starttls]
    backend = static_append
    imap = yes
    imap_server = mail.example.org
    imap_port = 143
    imap_encryption = starttls
    imap_auth = plaintext
    imap_auth_identity = %s
    imap_refresh_ttl = 6
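Because clients apply whatever this file advertises, it is worth linting before deployment. The following is an added example, not part of automx or of the original article: a small Python audit that reads an automx.conf in the layout shown above and reports services offering plaintext authentication without TLS. The function name, the finding texts, the embedded sample and the treatment of any *_encryption value other than ssl or starttls as unencrypted are assumptions of this example.

```python
import configparser

SERVICES = ("smtp", "imap", "pop")   # service prefixes used in the page's automx.conf
TLS_MODES = {"ssl", "starttls"}      # *_encryption values used on the page

# Constructed sample: debug on, no memcache, IMAP on 143 without TLS.
SAMPLE = """\
[automx]
provider = example.org
debug = yes

[DEFAULT]
imap_auth = plaintext

[global]
smtp = yes
smtp_encryption = starttls
smtp_auth = plaintext
smtp_auth_identity = %s
imap = yes
imap_port = 143
imap_encryption = none
"""

def audit_automx(text):
    """Return (section, finding) tuples for an automx.conf given as a string."""
    # interpolation=None keeps "%s" literal; the default interpolation rejects it.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    core = cp["automx"] if cp.has_section("automx") else {}
    if core.get("debug", "no").lower() == "yes":
        findings.append(("automx", "debug enabled"))
    if "memcache" not in core:
        findings.append(("automx", "memcache not set (rate limiting block missing)"))
    for name in cp.sections():       # configparser merges [DEFAULT] into each section
        sec = cp[name]
        for svc in SERVICES:
            if sec.get(svc, "no").lower() != "yes":
                continue
            enc = sec.get(svc + "_encryption", "none").lower()
            if enc not in TLS_MODES and sec.get(svc + "_auth", "").lower() == "plaintext":
                findings.append((name, svc + ": plaintext auth without TLS"))
            elif enc == "starttls":
                findings.append((name, svc + ": STARTTLS, client must refuse downgrade"))
    return findings

if __name__ == "__main__":
    print(*audit_automx(SAMPLE), sep="\n")
```

The IMAP finding in the sample comes from `imap_auth` inherited through `[DEFAULT]`, which is why the audit reads merged sections rather than raw lines.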
Apache
e.g. /etc/{apache2,httpd}/conf.d/automx.conf:
    <IfModule mod_wsgi.c>
      WSGIChunkedRequest On
      WSGIScriptAliasMatch \
        (?i)^/.+/(autodiscover|config-v1.1).xml \
        /usr/lib/automx/automx_wsgi.py
      WSGIScriptAlias \
        /mobileconfig \
        /usr/lib/automx/automx_wsgi.py
      <Directory "/usr/lib/automx">
        Require all granted
      </Directory>
    </IfModule>
If the iOS/MacOS web provisioning should be offered as well, there should also be a /etc/{apache2,httpd}/conf.d/automx-web.conf:
    Alias /automx "/usr/share/automx/"
    <Directory "/usr/share/automx">
      Options Indexes MultiViews
      Require all granted
    </Directory>