Mail Client AutoConfiguration Issues

21 posts / 0 new
Last post
#1 Tue, 04/09/2013 - 03:46
wheeler

Mail Client AutoConfiguration Issues

Hi,

I love the mail client autoconfiguration options, however it's currently set to use plaintext authentication on port 25 for SMTP.

I have "Enable TLS encryption?" set to Always and Port 25 firewalled off for to help with PCI DSS compliance, so it would be great if I could edit the autoconfiguration template, or if it could pickup some more sensible detaults based on the server configuration.

I see you have "Added a template section to configure the mail client auto-configuration XML, for example if some domains use custom mail servers." on the release notes for 3.99 - this sound like exactly what I'm looking for but I can't find it anywhere (I'm running 3.99.gpl on CentOS 6.4 and using Postfix).

Also, when I enabled the Mail Client Autoconfiguration I get the following output (although I think it worked the fist time I ran it):

Enabling mail client autoconfiguration for 5 virtual servers .. Failed for domain1.com :

Failed for domain2.com :

Failed for domain3.com :

Failed for domain4.com :

Failed for domain5.com :

.. done

However, it does seems to work, correctly creating the cgi-bin/autoconfig.cgi files and mapping them to /mail/config-v1.1.xml for each domain

Many thanks,

Chris

Mon, 04/15/2013 - 02:03
HarryZink

Same exact behavior on my end -

Failed for domain2.com :

Failed for domain3.com :

Failed for domain4.com :

Failed for domain5.com :

Is this being addressed?

Mon, 04/15/2013 - 17:22
JamieCameron

That error message is misleading - due to a bug in the code, it will appear even if there was no error!

You can configure the XML template at System Settings -> Server Templates -> Default Settings -> Mail client auto-configuration.

''

Tue, 04/16/2013 - 03:07
wheeler

Hi, Thanks, I've found the XML Template editor... It containts:

<?xml version="1.0" encoding="UTF-8"?>

<clientConfig version="1.1">
  <emailProvider id="$SMTP_DOMAIN">
    <domain>$SMTP_DOMAIN</domain>
    <displayName>$OWNER Email</displayName>
    <displayShortName>$OWNER</displayShortName>
    <incomingServer type="imap">
      <hostname>$IMAP_HOST</hostname>
      <port>$IMAP_PORT</port>
      <socketType>$IMAP_TYPE</socketType>
      <authentication>$IMAP_ENC</authentication>
      <username>$SMTP_LOGIN</username>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>$SMTP_HOST</hostname>
      <port>$SMTP_PORT</port>
      <socketType>$SMTP_TYPE</socketType>
      <authentication>$SMTP_ENC</authentication>
      <username>$SMTP_LOGIN</username>
    </outgoingServer>
  </emailProvider>
</clientConfig>

Which looks right - but how to I change the values of the variables so that I can set it to use TLS by default for SMTP? (Port 587 etc). Should I just remove the variables and replace with the static values? Or is there another page where they are calculated pre-account?

Tue, 04/16/2013 - 12:32 (Reply to #4)
JamieCameron

Yes, you can just replace the variable with a static port number.

''

Fri, 05/03/2013 - 13:48
sonoracomm

How would I tweak to suggest/enable TLS on the SMTP (outgoingServer)?

Or do I even have to? Maybe TLS is used anyway?

Thanks,

G

p.s. "echo $SMTP_ENC" at the server CLI shows nothing.

Sat, 05/04/2013 - 00:53 (Reply to #6)
JamieCameron

In the template described earlier in the thread, just replace $SMTP_TYPE with STARTTLS

''

Sun, 05/05/2013 - 18:02 (Reply to #7)
sonoracomm

Perfect. I actually decided to use 'SSL' instead of 'STARTTLS'. Many clients have port 25 blocked by ISPs and I wanted to get around that.

Works great now!

Thanks,

G

Sun, 05/05/2013 - 18:24 (Reply to #8)
sonoracomm

I spoke too soon.

The remaining problem I ran into is that the autoconfig is being populated (most of the time?) with a bad username.

On our server, we use short usernames (without the domain name or TLD) most of the time, but if there is a conflict, the system creates usernames in the form of 'username.domain' (not username.domain.tld).

The autoconfiguration appears to be plugging in 'username.domain' all the time which fails most of the time.

How might I tweak te XML template for just 'username'?

Thanks,

G

Sun, 05/05/2013 - 21:38 (Reply to #9)
JamieCameron

Unfortunately, that use case isn't supported :-(

The autoconfig script doesn't have access to the user database (as it just runs as a regular CGI script), so it doesn't know which users have been given short names.

''

Thu, 05/09/2013 - 10:19 (Reply to #10)
sonoracomm

OK, then, what use case is supported? I imagined my use case to be mainstream.

Thanks,

G

p.s. We're using LDAP. Does that make a difference?

Thu, 05/09/2013 - 15:50 (Reply to #11)
JamieCameron

The case it is designed to support is the default Virtualmin behavior, where every username has the domain as a prefix or suffix.

''

Sun, 08/18/2013 - 05:00
roman1983

It seems to me that the configuration-settings for the XML-template are not read from Postfix/Dovecot. I have changed some authentication-settings (e.g. from plaintext-password to crypted) but this value was not changed in the xml template - even if set up a new virtual server for testing.

Is this right that i have to change the variables in /cgi-bin/autoconfig.cgi for every host manually if i change the postfix/dovecot configuration?

If yes, please fix it so that the new changes will be rolled out to every installed virtual server. Thanks!

Sun, 08/18/2013 - 13:07 (Reply to #13)
JamieCameron

These settings should be read from the active Postfix and Dovecot settings.

For example, with Dovecot if not running in SSL mode and if the disable_plaintext_auth directive is set to yes , then password-encrypted mode will be used for IMAP in the XML.

''

Mon, 08/19/2013 - 13:45
sonoracomm

OK, after writing off this feature as unusable, I'm revisiting. I really want it to work.

1) How can I make the script actually determine the username instead of guessing? We just use the most normal format of 'username', no domain, no TLD.

2) What variable can I use so that the AutoConfiguration CGI script spits out the username ($SMTP_LOGIN) in the format of "username"...no domain, no TLD?

3) Once I make a change here:

System Settings -> Server Templates -> Default Settings -> Mail client auto-configuration

How to I activate the changes? Per domain? If I make changes, they are not displayed here:

http://www.domain.tld/cgi-bin/autoconfig.cgi?emailaddress=myaddress@mydo...

Thank in advance,

G

Tue, 08/20/2013 - 15:13 (Reply to #15)
JamieCameron
  1. The script will use whatever username format is configured for the domain, at the time autoconfiguration was enabled. Unfortunately because it runs as a CGI, it doesn't have access to the actual username, so its guess can be wrong if the username format was changed.

  2. You can use $mailbox

  3. This is a bug - the new XML should be applied when you change the template. Currently you have to disable and then re-enabled autoconfiguration to force the new template to be used.

''

Tue, 08/20/2013 - 17:24 (Reply to #16)
sonoracomm

I now have this feature working for most users. Thanks much for the info.

I think this feature needs to be improved, less guessing and more programatic, but I'm happy to be this close!

So the basic procedure is:

1) Disable Auto-Configuration Feature

2) Modify the XML

3) Re-enable the Auto-Configuration Feature

4) Use a browser to check the results:

http://www.yourdomain.tld/cgi-bin/autoconfig.cgi?emailaddress=youruserna...

BTW, for anyone that has to look this up:

You currently have to edit the XML file here:

System Settings -> Server Templates -> (template) -> Mail Client Auto-Configuration

Then, to activate the changes, disable the Auto-Configuration Feature, then re-enable it:

E-Mail Messages -> Mail Client Configuration

Thanks,

G

Sun, 10/06/2013 - 12:49
Jean-MarcCoursimault

Hi,

I just discovered the new autoconfiguration feature and updated webmin/virtualmin accordingly.

On my SMTP/POP/IMAP server I manage all mail accounts with Webmin.

I tried to "Enable mail client autoconfiguration".

And I get the message : "No virtual servers with email enabled exist". Well... all the virtual servers are there only for email (the web sites are elsewhere).

How can I find more about what's causing the pb ? I do not see anything in webmin.log, miniserv.log and miniserv.error.

Thanks ! -- JM

Sun, 10/06/2013 - 12:54 (Reply to #18)
Jean-MarcCoursimault

Replying to myself.

Okay... obviously if the web servers are elsewhere Webmin cannot generate a file inside the web server.

Hm. Is there a way to generate the autoconfig file so that I can transfer it to the Webmin box that manages the web servers ?

Thanks -- JM

Sun, 10/06/2013 - 14:03 (Reply to #19)
JamieCameron

You could try enabling a website for one domain, manually fetching the autoconfig XML, and then having it served from your real webserver for other domains.

''

Fri, 03/20/2015 - 17:25
jmunjr

When I use autoconfig on various email clients, they all default to having my username without the domain name, yet my server is set up to use the full domain name for usernames. I have to manually change the username from xxx to xxx@domain.com

My autoconfig scripts are set up with this: $SMTP_LOGIN

I have no idea what to do to fix this and a search is yielding nothing.

Also when using the autoconfig it defaults to no encryption. I prefer it default to TLS(accept all certificates). How can I make this happen?

Thanks

Topic locked