About

Mail user agents (MUAs) can configure themselves automatically by pulling settings directly from a configuration provider. This guide shows how to set up mail settings autodiscovery for an example mail server providing configuration settings for:

Requirements

Assumptions

Adding DNS Records

Microsoft Outlook requires an SRV DNS record to be added for the mail domain:

autoconfig		300	IN	A	185.68.8.228
_autodiscover._tcp.server.tld.		300	IN	SRV	1	1	443	autoconfig.server.tld.

where:

Note that the SRV record points to autoconfig.server.tld, which currently has an A record pointing to 185.68.8.228, the IP address of the mail server in this example. However, autoconfig.server.tld can point to any server capable of serving files over HTTP(S).

Configuring Apache2

Add two new files to /etc/apache2/sites-available to define two new virtual hosts.

The first file is /etc/apache2/sites-available/autoconfig.server.tld.conf, a virtual host running over unencrypted HTTP:

<VirtualHost *:80>
    ServerName autoconfig.server.tld
 
    ServerAdmin admin@server.tld
    DocumentRoot /var/www/autoconfig
 
    <Location />
        AddDefaultCharset UTF-8
        ## Enable for mod_php
        # php_value magic_quotes_gpc off
        # php_value register_globals off
        ## Enable for php FPM
        SetEnv PHP_ADMIN_VALUE "magic_quotes_gpc = Off"
        SetEnv PHP_ADMIN_VALUE "register_globals = Off"
    </Location>
 
    RedirectMatch 404 ^/$
 
    ErrorLog ${APACHE_LOG_DIR}/autoconfig.server.tld-error.log
    CustomLog ${APACHE_LOG_DIR}/autoconfig.server.tld-access.log common
</VirtualHost>

where:

The virtual host will serve autoconfiguration files from /var/www/autoconfig and will send a 404 (not found) HTTP error code for requests to the site root, such as a browser opening the bare hostname.

The configuration should be changed depending on whether mod_php is enabled or whether Apache uses PHP-FPM as a backend, by uncommenting the appropriate lines.

The second file is /etc/apache2/sites-available/autoconfig.server.tld-ssl.conf, which provides the mail configuration files over HTTPS:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin admin@server.tld
    ServerName autoconfig.server.tld
 
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/server.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/server.tld/privkey.pem
 
    DocumentRoot /var/www/autoconfig
 
    <Location />
        AddDefaultCharset UTF-8
        <IfModule mod_php5.c>
            php_value magic_quotes_gpc off
            php_value register_globals off
        </IfModule>
        SetEnv PHP_ADMIN_VALUE "magic_quotes_gpc = Off"
        SetEnv PHP_ADMIN_VALUE "register_globals = Off"
    </Location>
 
    RedirectMatch 404 ^/$
 
    ErrorLog "/var/log/apache2/autoconfig.server.tld-error.log"
    CustomLog "/var/log/apache2/autoconfig.server.tld-access.log" common
</VirtualHost>
</IfModule>

The /etc/apache2/sites-available/autoconfig.server.tld-ssl.conf file has to be configured similarly to its HTTP counterpart by replacing server.tld and picking the appropriate PHP settings.

Creating the Configuration Files

With the virtual hosts and DNS in place, the configuration files have to be added to /var/www/autoconfig. Here is a filesystem overview of how the files will be placed:

/var/www/autoconfig
      +
      |
      +-- Autodiscover
      |        +
      |        |
      |        +-- Autodiscover.xml
      |
      |
      +-- mail
           +
           |
           +-- config-v1.1.xml

The /var/www/autoconfig/Autodiscover/Autodiscover.xml file provides e-mail settings autodiscovery for Microsoft Outlook:

Autodiscover.xml
<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
	<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
		<Account>
			<AccountType>email</AccountType>
			<Action>settings</Action>
 
			<Protocol>
				<Type>IMAP</Type>
				<TTL>1</TTL>
 
				<Server>mail.server.tld</Server>
				<Port>993</Port>
 
				<DomainRequired>off</DomainRequired>
				<DomainName>server.tld</DomainName>
 
				<SPA>off</SPA>
				<SSL>on</SSL>
				<AuthRequired>on</AuthRequired>
			</Protocol>
		</Account>
 
		<Account>
			<AccountType>email</AccountType>
			<Action>settings</Action>
 
			<Protocol>
				<Type>SMTP</Type>
				<TTL>1</TTL>
 
				<Server>mail.server.tld</Server>
				<Port>25</Port>
 
				<DomainRequired>off</DomainRequired>
				<DomainName>server.tld</DomainName>
 
				<SPA>off</SPA>
				<SSL>on</SSL>
				<AuthRequired>on</AuthRequired>
			</Protocol>
		</Account>
	</Response>
</Autodiscover>

and defines a mail server at server.tld with:

Note that these settings should match the mail server configuration settings.

The /var/www/autoconfig/mail/config-v1.1.xml file serves mail server configuration settings for Thunderbird and contains the following:

config-v1.1.xml
<clientConfig version="1.1">
  <emailProvider id="server.tld">
    <domain>server.tld</domain>
    <displayName>server.tld - %EMAILLOCALPART%</displayName>
    <displayShortName>Datagouvfr</displayShortName>
    <incomingServer type="imap">
      <hostname>mail.server.tld</hostname>
      <port>993</port>
      <socketType>SSL</socketType>
      <username>%EMAILADDRESS%</username>
      <authentication>password-cleartext</authentication>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>mail.server.tld</hostname>
      <port>25</port>
      <socketType>SSL</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </outgoingServer>
  </emailProvider>
</clientConfig>

and defines a mail server at server.tld with:

Note that the configuration uses SSL instead of STARTTLS because some broken MUAs disclose passwords.
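Since both files should match the mail server settings and both should advertise encrypted connections only, the following added example (not part of the original guide) parses the two formats and reports any service on which they disagree or which is offered without TLS. The function names are hypothetical, and the embedded samples are constructed from the two files above, trimmed to the fields being compared.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the page's two files, trimmed to the fields compared below.
OUTLOOK_XML = """<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
 <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
  <Account><Protocol><Type>IMAP</Type><Server>mail.server.tld</Server><Port>993</Port><SSL>on</SSL></Protocol></Account>
  <Account><Protocol><Type>SMTP</Type><Server>mail.server.tld</Server><Port>25</Port><SSL>on</SSL></Protocol></Account>
 </Response>
</Autodiscover>"""
THUNDERBIRD_XML = """<clientConfig version="1.1"><emailProvider id="server.tld">
 <incomingServer type="imap"><hostname>mail.server.tld</hostname><port>993</port>
  <socketType>SSL</socketType></incomingServer>
 <outgoingServer type="smtp"><hostname>mail.server.tld</hostname><port>25</port>
  <socketType>SSL</socketType></outgoingServer>
</emailProvider></clientConfig>"""

NS = "{http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a}"

def outlook_services(xml_text):
    """Map protocol -> (host, port, encrypted) from an Outlook Autodiscover file."""
    services = {}
    for proto in ET.fromstring(xml_text).iter(NS + "Protocol"):
        services[proto.findtext(NS + "Type").lower()] = (
            proto.findtext(NS + "Server"), int(proto.findtext(NS + "Port")),
            # A missing <SSL> element is counted as unencrypted (choice made for this example).
            proto.findtext(NS + "SSL", "").lower() == "on")
    return services

def thunderbird_services(xml_text):
    """Map protocol -> (host, port, encrypted) from a Thunderbird config-v1.1.xml file."""
    services = {}
    for srv in ET.fromstring(xml_text).iter():
        if srv.tag in ("incomingServer", "outgoingServer"):
            services[srv.get("type").lower()] = (
                srv.findtext("hostname"), int(srv.findtext("port")),
                srv.findtext("socketType", "plain").upper() in ("SSL", "STARTTLS"))
    return services

def audit(outlook_xml, thunderbird_xml):
    """Return findings: services the two files disagree on, or advertise without TLS."""
    o, t = outlook_services(outlook_xml), thunderbird_services(thunderbird_xml)
    findings = []
    for proto in sorted(set(o) | set(t)):
        if o.get(proto) != t.get(proto):
            findings.append(f"{proto}: files disagree: Outlook={o.get(proto)} Thunderbird={t.get(proto)}")
        for name, svc in (("Outlook", o.get(proto)), ("Thunderbird", t.get(proto))):
            if svc and not svc[2]:
                findings.append(f"{proto}: {name} file advertises an unencrypted connection")
    return findings

if __name__ == "__main__":
    print(audit(OUTLOOK_XML, THUNDERBIRD_XML) or "consistent, TLS on every service")
```

Run against the deployed files (read from /var/www/autoconfig instead of the inline samples), an empty result means every client is handed the same host, port and encrypted transport.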

Testing

Apart from starting MUAs and checking whether they succeed in pulling the configuration settings, autodiscovery can be checked with a tool that Microsoft provides. Choose Microsoft Office Outlook Connectivity Tests→Outlook Autodiscover and then, on the next page, enter:

but do not provide your real password since only autodiscovery will be checked.

Alternatives

Tiliq's project is a node.js server that serves autoconfiguration files for Microsoft Outlook, Thunderbird, Apple Mail and iOS Mail (the latter not being covered in this guide).

However, the problem with running a standalone server is that it will occupy the webserver ports.