Difference between revisions of "EmailAutoDiscover"

From Leaky
Jump to: navigation, search
m (Added to email category)
(Hostnames required)
 
(2 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
https://github.com/jamesiarmes/php-ews/wiki/Autodiscovery
 
https://github.com/jamesiarmes/php-ews/wiki/Autodiscovery
  
It is unlikely that autodiscover can be configured without a valid SSL certificate for the domain in the email address. Implementing a mass-hosting version of autodiscover would be prohibitively expensive due to this. It would however be possible to configure it on a per-domain basis provided the SSL certificate is purchased (or a self-signed one is installed on all client machines - Would this work?)
+
http://technet.microsoft.com/en-us/library/cc511507%28v=office.14%29.aspx#AutodiscoverXMLSchema
 +
 
 +
https://bugzilla.mozilla.org/show_bug.cgi?id=521538
 +
 
 +
http://www.emaildiscussions.com/showthread.php?t=62769
  
 
[[Category:Email]]
 
[[Category:Email]]
 +
 +
== Hostnames required ==
 +
 +
In the following examples, $maildomain is the domain from the email address being configured. $securedomain is a host or domain that we have an SSL certificate for. Due to the way the autodiscover works, autodiscover.$hostdomain needs to have a different IP to $securedomain
 +
 +
autoconfig.$hostdomain should be an IP that has no HTTPS service.
 +
$securedomain doesn't have to contain $hostdomain or $maildomain
 +
 +
 +
autoconfig.$maildomain (CNAME to autoconfig.$hostdomain)
 +
 +
* Used by Thunderbird to configure email. You can configure custom mail server names using a script to query the email address.
 +
* SSL certificate not required for this hostname.
 +
 +
autodiscover.$maildomain (CNAME to autoconfig.$hostdomain)
 +
 +
* Use a CNAME in $maildomain for autoconfig.$customerdomain pointing to autodiscover.daily.co.uk
 +
* IP address must NOT allow access via HTTPS so that it uses http and follows redirect to $securedomain without giving an SSL warning.
 +
* SSL certificate not required for this hostname.
 +
 +
$securedomain is for after the redirect
 +
 +
* No CNAME required for this one, but SSL certificate is required.
 +
 +
 +
== $maildomain DNS ==
 +
 +
autoconfig        IN CNAME  autoconfig.$hostdomain.
 +
autodiscover      IN CNAME  autoconfig.$hostdomain.
 +
_autodiscover._tcp IN SRV    0 1 80 autoconfig.$maildomain.
 +
 +
There are other SRV records which may be setup as per [https://tools.ietf.org/html/rfc6186 RFC 6186].
 +
 +
_imap._tcp        IN SRV    10 1 143 imap.$hostdomain.
 +
_imaps._tcp        IN SRV    0 1 993 imap.$hostdomain.
 +
# pop3 has a higher priority value which results in imap being preferred
 +
_pop3._tcp        IN SRV    10 1 110 pop.$hostdomain.
 +
_pop3s._tcp        IN SRV    10 1 995 pop.$hostdomain.
 +
 +
_submission._tcp  IN SRV    0 1 587 mail.$hostdomain.
 +
 +
In the event that POP3 and IMAP are not available (e.g SSL variants only), use something like the following:
 +
 +
_imap._tcp        IN SRV    0 0 0 .
 +
_pop3._tcp        IN SRV    0 0 0 .
 +
 +
''There is no evidence that any clients use these SRV records yet.''
 +
 +
== Windows Outlook 2007/2010/2013 ==
 +
 +
Outlook 2010
 +
 +
# Query https://autodiscover.$maildomain/autodiscover/autodiscover.xml (this needs to fail because https blocked)
 +
# Query http://autodiscover.$maildomain/autodiscover/autodiscover.xml
 +
# Get redirected to https://$securedomain/autodiscover/autodiscover.xml
 +
# Prompts for allowing that url to configure mail client
 +
 +
For example, if we have an SSL certificate for www.bocks.com, we can setup a redirect for https://www.bocks.com/autodiscover/autodiscover.xml and Outlook will ask user if they wish to allow www.bocks.com to configure their email settings.
 +
 +
== Thunderbird (Windows, Mac and Linux) ==
 +
 +
# Query http://autoconfig.$maildomain/mail/config-v1.1.xml
 +
# If not found, none of the other things in the list of checks that it performs apply so autoconfig fails.
 +
 +
== Apple Mail and iOS ==
 +
 +
Requires generation of a .mobileconfig file containing the settings. This has to be downloaded via web browser to the mobile device or Mac.
 +
 +
== Outlook for Mac ==
 +
 +
Unable to get this working.

Latest revision as of 20:40, 6 November 2014

http://www.andrewyager.com/blog/2008-09-13/outlook-2007-email-autodiscovery-php-server

http://www.winblogs.net/index.php/2012/08/07/autodiscover-with-smartermail-or-any-other-mail-server/

https://github.com/jamesiarmes/php-ews/wiki/Autodiscovery

http://technet.microsoft.com/en-us/library/cc511507%28v=office.14%29.aspx#AutodiscoverXMLSchema

https://bugzilla.mozilla.org/show_bug.cgi?id=521538

http://www.emaildiscussions.com/showthread.php?t=62769

Hostnames required

In the following examples, $maildomain is the domain from the email address being configured. $securedomain is a host or domain that we have an SSL certificate for. Due to the way the autodiscover works, autodiscover.$hostdomain needs to have a different IP to $securedomain

autoconfig.$hostdomain should be an IP that has no HTTPS service. $securedomain doesn't have to contain $hostdomain or $maildomain


autoconfig.$maildomain (CNAME to autoconfig.$hostdomain)

  • Used by Thunderbird to configure email. You can configure custom mail server names using a script to query the email address.
  • SSL certificate not required for this hostname.

autodiscover.$maildomain (CNAME to autoconfig.$hostdomain)

  • Use a CNAME in $maildomain for autoconfig.$customerdomain pointing to autodiscover.daily.co.uk
  • IP address must NOT allow access via HTTPS so that it uses http and follows redirect to $securedomain without giving an SSL warning.
  • SSL certificate not required for this hostname.

$securedomain is for after the redirect

  • No CNAME required for this one, but SSL certificate is required.


$maildomain DNS

autoconfig         IN CNAME  autoconfig.$hostdomain.
autodiscover       IN CNAME  autoconfig.$hostdomain.
_autodiscover._tcp IN SRV    0 1 80 autoconfig.$maildomain.

There are other SRV records which may be setup as per RFC 6186. 

_imap._tcp         IN SRV    10 1 143 imap.$hostdomain.
_imaps._tcp        IN SRV    0 1 993 imap.$hostdomain.
# pop3 has a higher priority value which results in imap being preferred
_pop3._tcp         IN SRV    10 1 110 pop.$hostdomain.
_pop3s._tcp        IN SRV    10 1 995 pop.$hostdomain.

_submission._tcp   IN SRV    0 1 587 mail.$hostdomain.

In the event that POP3 and IMAP are not available (e.g SSL variants only), use something like the following: 

_imap._tcp         IN SRV    0 0 0 .
_pop3._tcp         IN SRV    0 0 0 .

There is no evidence that any clients use these SRV records yet.

Windows Outlook 2007/2010/2013

Outlook 2010

  1. Query https://autodiscover.$maildomain/autodiscover/autodiscover.xml (this needs to fail because https blocked)
  2. Query http://autodiscover.$maildomain/autodiscover/autodiscover.xml
  3. Get redirected to https://$securedomain/autodiscover/autodiscover.xml
  4. Prompts for allowing that url to configure mail client

For example, if we have an SSL certificate for www.bocks.com, we can setup a redirect for https://www.bocks.com/autodiscover/autodiscover.xml and Outlook will ask user if they wish to allow www.bocks.com to configure their email settings.

Thunderbird (Windows, Mac and Linux)

  1. Query http://autoconfig.$maildomain/mail/config-v1.1.xml
  2. If not found, none of the other things in the list of checks that it performs apply so autoconfig fails.

Apple Mail and iOS

Requires generation of a .mobileconfig file containing the settings. This has to be downloaded via web browser to the mobile device or Mac.

Outlook for Mac

Unable to get this working.

Retrieved from "https://wiki.leaky.org/index.php?title=EmailAutoDiscover&oldid=180"