Hi,
I love the mail client autoconfiguration options, however it's currently set to use plaintext authentication on port 25 for SMTP.
I have "Enable TLS encryption?" set to Always and port 25 firewalled off to help with PCI DSS compliance, so it would be great if I could edit the autoconfiguration template, or if it could pick up some more sensible defaults based on the server configuration.
I see you have "Added a template section to configure the mail client auto-configuration XML, for example if some domains use custom mail servers." on the release notes for 3.99 - this sounds like exactly what I'm looking for but I can't find it anywhere (I'm running 3.99.gpl on CentOS 6.4 and using Postfix).
Also, when I enabled the Mail Client Autoconfiguration I get the following output (although I think it worked the first time I ran it):
Enabling mail client autoconfiguration for 5 virtual servers ..
Failed for domain1.com :
Failed for domain2.com :
Failed for domain3.com :
Failed for domain4.com :
Failed for domain5.com :
.. done
However, it does seem to work, correctly creating the cgi-bin/autoconfig.cgi files and mapping them to /mail/config-v1.1.xml for each domain.
Many thanks,
Chris
Same exact behavior on my end -
Failed for domain2.com :
Failed for domain3.com :
Failed for domain4.com :
Failed for domain5.com :
Is this being addressed?
That error message is misleading - due to a bug in the code, it will appear even if there was no error!
You can configure the XML template at System Settings -> Server Templates -> Default Settings -> Mail client auto-configuration.
Hi, Thanks, I've found the XML Template editor... It contains:
<?xml version="1.0" encoding="UTF-8"?>
<clientConfig version="1.1">
  <emailProvider id="$SMTP_DOMAIN">
    <domain>$SMTP_DOMAIN</domain>
    <displayName>$OWNER Email</displayName>
    <displayShortName>$OWNER</displayShortName>
    <incomingServer type="imap">
      <hostname>$IMAP_HOST</hostname>
      <port>$IMAP_PORT</port>
      <socketType>$IMAP_TYPE</socketType>
      <authentication>$IMAP_ENC</authentication>
      <username>$SMTP_LOGIN</username>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>$SMTP_HOST</hostname>
      <port>$SMTP_PORT</port>
      <socketType>$SMTP_TYPE</socketType>
      <authentication>$SMTP_ENC</authentication>
      <username>$SMTP_LOGIN</username>
    </outgoingServer>
  </emailProvider>
</clientConfig>
Which looks right - but how do I change the values of the variables so that I can set it to use TLS by default for SMTP? (Port 587 etc). Should I just remove the variables and replace with the static values? Or is there another page where they are calculated per-account?
Yes, you can just replace the variable with a static port number.
How would I tweak to suggest/enable TLS on the SMTP (outgoingServer)?
Or do I even have to? Maybe TLS is used anyway?
Thanks,
G
p.s. "echo $SMTP_ENC" at the server CLI shows nothing.
In the template described earlier in the thread, just replace $SMTP_TYPE with STARTTLS
Perfect. I actually decided to use 'SSL' instead of 'STARTTLS'. Many clients have port 25 blocked by ISPs and I wanted to get around that.
Works great now!
Thanks,
G
I spoke too soon.
The remaining problem I ran into is that the autoconfig is being populated (most of the time?) with a bad username.
On our server, we use short usernames (without the domain name or TLD) most of the time, but if there is a conflict, the system creates usernames in the form of 'username.domain' (not username.domain.tld).
The autoconfiguration appears to be plugging in 'username.domain' all the time which fails most of the time.
How might I tweak the XML template for just 'username'?
Thanks,
G
Unfortunately, that use case isn't supported :-(
The autoconfig script doesn't have access to the user database (as it just runs as a regular CGI script), so it doesn't know which users have been given short names.
OK, then, what use case is supported? I imagined my use case to be mainstream.
Thanks,
G
p.s. We're using LDAP. Does that make a difference?
The case it is designed to support is the default Virtualmin behavior, where every username has the domain as a prefix or suffix.
It seems to me that the configuration settings for the XML template are not read from Postfix/Dovecot. I have changed some authentication settings (e.g. from plaintext-password to crypted) but this value was not changed in the XML template - even if I set up a new virtual server for testing.
Is it right that I have to change the variables in /cgi-bin/autoconfig.cgi for every host manually if I change the Postfix/Dovecot configuration?
If yes, please fix it so that the new changes will be rolled out to every installed virtual server. Thanks!
These settings should be read from the active Postfix and Dovecot settings.
For example, with Dovecot if not running in SSL mode and if the disable_plaintext_auth directive is set to yes, then password-encrypted mode will be used for IMAP in the XML.
OK, after writing off this feature as unusable, I'm revisiting. I really want it to work.
1) How can I make the script actually determine the username instead of guessing? We just use the most normal format of 'username', no domain, no TLD.
2) What variable can I use so that the AutoConfiguration CGI script spits out the username ($SMTP_LOGIN) in the format of "username"...no domain, no TLD?
3) Once I make a change here:
System Settings -> Server Templates -> Default Settings -> Mail client auto-configuration
How do I activate the changes? Per domain? If I make changes, they are not displayed here:
http://www.domain.tld/cgi-bin/autoconfig.cgi?emailaddress=myaddress@mydo...
Thanks in advance,
G
The script will use whatever username format is configured for the domain, at the time autoconfiguration was enabled. Unfortunately because it runs as a CGI, it doesn't have access to the actual username, so its guess can be wrong if the username format was changed.
You can use $mailbox
This is a bug - the new XML should be applied when you change the template. Currently you have to disable and then re-enable autoconfiguration to force the new template to be used.
I now have this feature working for most users. Thanks much for the info.
I think this feature needs to be improved, less guessing and more programmatic, but I'm happy to be this close!
So the basic procedure is:
1) Disable Auto-Configuration Feature
2) Modify the XML
3) Re-enable the Auto-Configuration Feature
4) Use a browser to check the results:
http://www.yourdomain.tld/cgi-bin/autoconfig.cgi?emailaddress=youruserna...
BTW, for anyone that has to look this up:
You currently have to edit the XML file here:
System Settings -> Server Templates -> (template) -> Mail Client Auto-Configuration
Then, to activate the changes, disable the Auto-Configuration Feature, then re-enable it:
E-Mail Messages -> Mail Client Configuration
Thanks,
G
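The check in step 4 can be scripted instead of read by eye. The following is an added example, not part of the thread or of Virtualmin: a Python audit of one autoconfig response that flags an unencrypted socketType, a cleartext password on such a socket, port 25 offered for SMTP, and template variables left unexpanded. The sample response, its host names and the audit function are constructed for illustration; "plain" and "password-cleartext" are values from the Mozilla autoconfig format this XML follows.

```python
import xml.etree.ElementTree as ET

# Constructed sample response; domain, host and login are placeholders.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<clientConfig version="1.1">
<emailProvider id="example.com">
<domain>example.com</domain>
<incomingServer type="imap">
<hostname>mail.example.com</hostname>
<port>993</port>
<socketType>SSL</socketType>
<authentication>password-cleartext</authentication>
<username>user</username>
</incomingServer>
<outgoingServer type="smtp">
<hostname>mail.example.com</hostname>
<port>{port}</port>
<socketType>{sock}</socketType>
<authentication>password-cleartext</authentication>
<username>user</username>
</outgoingServer>
</emailProvider>
</clientConfig>"""
BEFORE = SAMPLE.format(port=25, sock="plain")      # plaintext SMTP on port 25
AFTER = SAMPLE.format(port=587, sock="STARTTLS")   # static values in the template

def audit(xml_text):
    """Return a list of findings for one autoconfig response."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    servers = root.findall(".//incomingServer") + root.findall(".//outgoingServer")
    for srv in servers:
        name = f"{srv.tag}[{srv.get('type')}]"
        sock = (srv.findtext("socketType") or "").strip()
        port = (srv.findtext("port") or "").strip()
        auth = (srv.findtext("authentication") or "").strip()
        if sock not in ("SSL", "STARTTLS"):
            findings.append(f"{name}: socketType '{sock}' is not encrypted")
            if auth == "password-cleartext":
                findings.append(f"{name}: cleartext password on an unencrypted socket")
        if srv.tag == "outgoingServer" and port == "25":
            findings.append(f"{name}: port 25 offered for mail submission")
        for child in srv:
            if "$" in (child.text or ""):
                findings.append(f"{name}: unexpanded variable in <{child.tag}>")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(BEFORE)) or "no findings")
```

A cleartext password inside SSL or STARTTLS is not flagged, since the socket already protects it.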
Hi,
I just discovered the new autoconfiguration feature and updated webmin/virtualmin accordingly.
On my SMTP/POP/IMAP server I manage all mail accounts with Webmin.
I tried to "Enable mail client autoconfiguration".
And I get the message : "No virtual servers with email enabled exist". Well... all the virtual servers are there only for email (the web sites are elsewhere).
How can I find more about what's causing the pb ? I do not see anything in webmin.log, miniserv.log and miniserv.error.
Thanks ! -- JM
Replying to myself.
Okay... obviously if the web servers are elsewhere Webmin cannot generate a file inside the web server.
Hm. Is there a way to generate the autoconfig file so that I can transfer it to the Webmin box that manages the web servers ?
Thanks -- JM
You could try enabling a website for one domain, manually fetching the autoconfig XML, and then having it served from your real webserver for other domains.
When I use autoconfig on various email clients, they all default to having my username without the domain name, yet my server is set up to use the full domain name for usernames. I have to manually change the username from xxx to xxx@domain.com
My autoconfig scripts are set up with this: $SMTP_LOGIN
I have no idea what to do to fix this and a search is yielding nothing.
Also when using the autoconfig it defaults to no encryption. I prefer it default to TLS (accept all certificates). How can I make this happen?
Thanks