Skip to content

Offers mailaccount autodiscover in Thunderbird and Outlook to all your customers in a ISPConfig multiserver environment.

Notifications You must be signed in to change notification settings

SpicyWeb-de/isp-mailConfig

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ISPConfig Server Addons

Autodiscover (Outlook) + Autoconfig (Thunderbird)

NOTE: This is no longer a mirror of https://spicyhub.de/spicy-web/isp-mailconfig. I am finally moving my OSS projects to github. So please use issues and PRs on github to post bug reports or contribute to the sourcecode.

Intro

Using this tool you can offer mailaccount autodiscover in Thunderbird and Outlook to all your customers in a multiserver environment.

Placeholders

  • my-service.com = The domain you run your "autodiscover" service on
  • my-mail.com = The domain you want to activate autodiscover and autoconfig for
  • PANEL-SERVER-IP = IP Address of the ISPConfig server (of course you can install the tool on any/every server in your environment)
    • In case of installing it on another server than the panel, you have to use another user and group instead of ispapps in vHost config and console commands.

Requirements

php-soap is required for API-Requests.
php7.3-soap for example.

Outlook requires access to a SSL secured page with a trusted certificate.

The example configuration uses the ISPConfig interface SSL certificate, for this to work it will have to be a valid publicly signed wildcard certificate. For example a StartSSL signed Level 2 (Personal Identity) certificate.

That should be enough for Outlook to work without error messages and warnings.

Setup

Prepare ISPConfig

The discover plugin is not realized as Website managed by ISPConfig. This setup guide explains the setup of the vHost from scratch. So you can install it on any of your servers running a webserver.

Example for Apache2

Example configuration for Apache2 (Ubuntu 16.04)

  • Add a new vHost Config file: vi /etc/apache2/sites-available/discover.my-service.com.conf

Content:

	<VirtualHost *:80>
	  ServerName discover.my-service.com
	  ServerAlias autoconfig.my-service.com
	  ServerAlias autoconfig.*
	  ServerSignature Off
	  
	  # Redirect non HTTPS and wrong domain names
	  RewriteEngine On
	  RewriteCond %{HTTPS} !on [OR]
	  RewriteCond %{HTTP_HOST} !^discover\.my-service\.com$
	  RewriteRule ^(.*)$ https://discover.my-service.com$1 [L,R]
	</VirtualHost>
	
	<VirtualHost *:443>
	  ServerName discover.my-service.com
	  ServerAlias autoconfig.my-service.com
	  ServerAlias autoconfig.*
	  ServerAdmin [email protected]
	  ServerSignature Off
	  
	  ErrorLog /var/log/ispconfig/httpd/discover.my-server.com/error.log
	
	  # Redirect client domains to my-service.com when connecting direct via HTTPS
	  RewriteEngine On
	  RewriteCond %{HTTP_HOST} !^discover\.my-service\.com$
	  RewriteRule ^(.*)$ https://discover.my-service.com$1 [L,R]
  
	  <IfModule mod_fcgid.c>
	    DocumentRoot /var/www/discover
	    SuexecUserGroup ispapps ispapps
	    <Directory /var/www/discover>
	      Options +Indexes +FollowSymLinks +MultiViews +ExecCGI
	      AllowOverride AuthConfig Indexes Limit Options FileInfo
      	      <FilesMatch "\.php$">
	        AddHandler fcgid-script .php
	      </FilesMatch>
	      FCGIWrapper /var/www/php-fcgi-scripts/apps/.php-fcgi-starter .php
	      Require all granted
	    </Directory>
	  </IfModule>
	
	  <IfModule mod_php5.c>
	    DocumentRoot /var/www/discover
	    AddType application/x-httpd-php .php
	    <Directory /var/www/discover>
	      Require all granted
	    </Directory>
	  </IfModule>
	
	  # This config uses the certificate that is used for ISPC Panel
	  # Change path if needed
	  SSLEngine On
	  SSLProtocol All -SSLv2 -SSLv3
	  # SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
	  SSLHonorCipherOrder     on
	  SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
	  SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
	  # Always wise to include the cert chain, change as needed and uncomment
	  #SSLCertificateChainFile /usr/local/ispconfig/interface/ssl/startssl.chain.class2.server.crt
	</VirtualHost>

Example for nginx

Add the following locations to a server configuration of your choice:
(asumtion: discover.my-service.com)

  location ~* ^(/mail/config-v1.1.xml|/autodiscover) {
    index     index.html index.htm index.php;
    rewrite ^(.*)$ /index.php?file=$1 last;
  }
  location /index.php {
    root          /var/www/discover;
    include       /etc/nginx/fastcgi_params;

    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    access_log /var/log/nginx/automail_access.log;
    error_log /var/log/nginx/automail_error.log;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 4k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_intercept_errors on;
    fastcgi_temp_file_write_size 256k;
  }

Install the tool

  • Enter your ISPConfig panel at System -> Remote Users and create a new remote user with these privileges (ISPConfig 3.1 item names):
    • Server functions
    • Mail user functions
  • If your automail host is different to your ISPConfig Multiserver master, allow the remote user access from this remote host address
  • Clone the repository into the discover-webfolder
  • If using Apache2, edit .htaccess and replace SERVER.TLD with the FQDN of your machine
  • Copy the shipped config file
  • Open it in your favorite editor
    • Enter ISPC-URLs and Remote User credentials as well as the name of your service
    • (optional) Enter a fallback server FQDN to use if the user couldn't be found in ISPConfig (defaults to $_SERVER['SERVER_NAME'])
    • (optional) Enter domain names of SMTP/IMAP/POP servers to fully override autodiscovery via ISPConfig API

Shell Commands:

cd /var/www
git clone https://github.com/SpicyWeb-de/isp-mailConfig.git discover
chown -R ispapps:ispapps discover
cd discover
cp config.dist.php config.php
vi config.php

DNS Config

Add the following DNS records for zone my-service.com:

  • A discover -> ISPConfig-SERVER-IP
    • maybe also AAAA, if IPv6 available for ISPConfig server
  • CNAME autoconfig -> discover

Add the following DNS records for zone my-mail.com to enable autoconfig:

  • SRV _autodiscover._tcp -> 1 10 443 discover.my-service.com
  • [SRV-Format on Route53: [priority] [weight] [port] [server host name]]
  • CNAME autoconfig -> discover.my-service.com.

Testing

This tool works only for real existing mail accounts as it queries the ISPC Remote API for them.

While testing make sure to use addresses, that exist on your server.

Mozilla / Thunderbird

Enter https://discover.my-service.com/mail/config-v1.1.xml?emailaddress=user%40my-mail.com in your browser.

For an existing mail address in the emailaddress-parameter you should get an answer like this:

<?xml version="1.0" encoding="UTF-8"?>
<clientConfig version="1.1">
    <emailProvider id="my-mail.com">
        <domain>my-mail.com</domain>
        <displayName>YOUR SERIVCE NAME</displayName>
        <displayShortName>SERVICE</displayShortName>
        <incomingServer type="pop3">
            <hostname>mailserver.my-service.com</hostname>
            <port>995</port>
            <socketType>SSL</socketType>
            <authentication>password-cleartext</authentication>
            <username>[email protected]</username>
            <pop3>
                <leaveMessagesOnServer>true</leaveMessagesOnServer>
                <downloadOnBiff>true</downloadOnBiff>
                <daysToLeaveMessagesOnServer>10</daysToLeaveMessagesOnServer>
            </pop3>
        </incomingServer>
        <incomingServer type="imap">
            <hostname>mailserver.my-service.com</hostname>
            <port>993</port>
            <socketType>SSL</socketType>
            <authentication>password-cleartext</authentication>
            <username>[email protected]</username>
        </incomingServer>
        <outgoingServer type="smtp">
            <hostname>mailserver.my-service.com</hostname>
            <port>587</port>
            <socketType>STARTTLS</socketType>
            <authentication>password-cleartext</authentication>
            <username>[email protected]</username>
        </outgoingServer>
    </emailProvider>
</clientConfig>

Microsoft Outlook

As Outlook posts an XML-File with user data to the server you can't just call it in browser to test it.

You can use Microsofts Remote Connectivity Analyzer at https://testconnectivity.microsoft.com/ to check if the Outlook-AutoDiscovery is working.

It takes some time but should also give a positive result for an existing Mail Account on my-mail.com.

Changes

02/11/2016 Djerk Geurts - Changed to make server configurable. Multiserver configurations aren't served well by pointing users at a single server. config.php now allows the use of a detected server hostname or a configured one. Plus general updates for ISPConfig 3.1.

06/11/2019 Conrad Sachweh - Handle Gnome Evolution and return static config for invalid inputs.

Credits

About

Offers mailaccount autodiscover in Thunderbird and Outlook to all your customers in a ISPConfig multiserver environment.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published