Support StartTLS for SMTP autoconfiguration #3

Open
wants to merge 4 commits into
base: master

@aspettl aspettl commented Mar 18, 2018

Hello

I want to advertise the submission port (SMTP with STARTTLS and authentication, port 587) instead of SMTP via SSL (port 465). Reason: port 587 is the standard, port 465 is not RFC compliant.

I use the "socket" variable of "smtp" with the value "STARTTLS" for that. This is exactly the right format for "config-v1.1.xml".

Unfortunately, for "autodiscover.xml" it is not that simple: it seems that Outlook 2007 understands only the "SSL" tag. Since Outlook 2010, there is an "Encryption" tag superseding "SSL" (which can have the value "SSL" or "TLS", see also [1]). In this PR, I switch over to the "Encryption" tag completely. This means Outlook 2007 cannot understand the new format.

To remedy this for users staying with "SSL" and needing Outlook 2007 support, one could probably let the SSL tag remain as before (I can make that change if this is favored). According to the documentation in [1], the presence of "Encryption" should make "SSL" irrelevant for Outlook 2010 and later. However, I'm not sure if the presence of "Encryption" lets some schema validation fail in Outlook 2007...

Just for cross-reference, I'm using this in the context of [2].

[1] https://msdn.microsoft.com/en-us/library/cc463896(EXCHG.80).aspx
[2] https://github.com/johansmitsnl/docker-email-autodiscover/issues/2

@gronke
Owner

gronke commented Mar 23, 2018

Hey @aspettl! I would not recommend anybody to use Outlook 2007 in 2018 😏 It's fine to drop the support for clients that have been outdated for about a decade.

@aspettl
Author

aspettl commented Apr 7, 2018

Hi @gronke, good :-) Do you want to merge this into your repository or are there some open points or doubts?

If you want I can also update the README and settings.json.sample to use port 587 with STARTTLS.

@aspettl
Author

aspettl commented Jun 23, 2018

Any update?

@aspettl
Author

aspettl commented Jul 15, 2018

Ping

@gnanet

gnanet commented Jul 15, 2018

While I was reading through http://interoperability.blob.core.windows.net/files/MS-OXDSCLI/[MS-OXDSCLI].pdf I found the mentioned Encryption and SSL entries. BUT the XSD that is presented in the PDF, and here: https://msdn.microsoft.com/en-us/library/ee202398(v=exchg.80).aspx
does not include Encryption...

Then I tried to find the current XSD, but found nothing, except a sample XML that is said to work up to but not including Outlook 2016:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/90402a98-6dbc-4ce2-a8c7-8a570b95cdd0/outlook-2016-version-1706-autodiscover-in-quotnew-account-creationquot-wizard-doesnt-work#86f6ce18-6467-4925-9f11-d4ee978a9bdc

https://msdn.microsoft.com/en-us/library/ee625072(v=exchg.80).aspx
2.2.4.1.1.2.4.22 Encryption
The Encryption element specifies the required encryption for the connection to the server. It MAY be an optional child element of the Protocol element (section 2.2.4.1.1.2.4). This element is valid only if the value of the Type element (section 2.2.4.1.1.2.4.46) is "IMAP", "POP3", or "SMTP". If the Encryption element is present, it overrides the SSL element (section 2.2.4.1.1.2.4.44).

https://msdn.microsoft.com/en-us/library/ee160260(v=exchg.80).aspx
2.2.4.1.1.2.4.44 SSL
The SSL element specifies whether the server requires SSL for logon. It is an optional child element of the Protocol element (section 2.2.4.1.1.2.4).
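
Added example, not part of the thread or of the project's code: a JavaScript check that applies the rule quoted above (a present Encryption element overrides SSL, and only for IMAP, POP3 and SMTP) to each Protocol block, and also reports what a client that reads only the SSL tag would see. The sample XML, host name and function names are constructed; the SSL values `on`/`off` are an assumption.

```javascript
// Added example (not project code). Function names are hypothetical.
const ENCRYPTION_TYPES = new Set(["IMAP", "POP3", "SMTP"]);

// Text of the first <name>...</name> child of a block, or null if absent.
function child(block, name) {
  const m = block.match(new RegExp(`<${name}>\\s*([^<]*?)\\s*</${name}>`, "i"));
  return m ? m[1] : null;
}

// Resolve one <Protocol> block the way the quoted spec text describes.
function effectiveEncryption(protocolXml) {
  const type = (child(protocolXml, "Type") || "").toUpperCase();
  const enc = child(protocolXml, "Encryption");
  const ssl = child(protocolXml, "SSL"); // assumed values: "on" / "off"
  const sslOnly = ssl === null ? "UNSPECIFIED"
    : ssl.toLowerCase() === "on" ? "SSL" : "NONE";
  // Encryption is valid only for IMAP/POP3/SMTP and, if present, overrides SSL.
  const modern = enc !== null && ENCRYPTION_TYPES.has(type)
    ? enc.toUpperCase() : sslOnly;
  return { type, port: Number(child(protocolXml, "Port")), modern, sslOnly };
}

// Audit every Protocol block; flag entries where a client that reads only
// the SSL tag is told "off" while a client reading Encryption gets SSL/TLS.
function auditAutodiscover(xml) {
  const blocks = xml.match(/<Protocol>[\s\S]*?<\/Protocol>/gi) || [];
  const secure = (v) => v === "SSL" || v === "TLS";
  return blocks.map((b) => {
    const r = effectiveEncryption(b);
    return { ...r, encrypted: secure(r.modern),
             legacyDowngrade: secure(r.modern) && r.sslOnly === "NONE" };
  });
}

// Constructed sample response fragment (host names are placeholders).
const SAMPLE = `
<Account>
  <Protocol><Type>IMAP</Type><Server>mail.example.test</Server>
    <Port>993</Port><SSL>on</SSL></Protocol>
  <Protocol><Type>SMTP</Type><Server>mail.example.test</Server>
    <Port>587</Port><SSL>off</SSL><Encryption>TLS</Encryption></Protocol>
  <Protocol><Type>POP3</Type><Server>mail.example.test</Server>
    <Port>110</Port><SSL>off</SSL></Protocol>
</Account>`;

for (const row of auditAutodiscover(SAMPLE)) console.log(row);
```

The `legacyDowngrade` flag marks a block where `<SSL>off</SSL>` sits beside `<Encryption>TLS</Encryption>`: a client that reads only `<SSL>` is told encryption is off.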

@mjelkins

So what was the final verdict?
I run a small ISP, I've created an autodiscovery (and autoconfig) on my Linux server for customers that need assistance in setting up e-mail. I have separate IN (mail.vweb.co.za) and OUT (relay.vweb.co.za) mail servers. IN runs POP3 and IMAP over TLS, OUT only runs Submission (587) with Authentication and STARTSSL. I use exim as my preferred MTA. From the conversation above, I now have the following. Will it work? What needs fixing?
(autodiscover.php renamed to autodiscover-php.txt - so I could upload it)
autodiscover-php.txt

@gronke
Owner

gronke commented Jul 25, 2018

> Hi @gronke, good :-) Do you want to merge this into your repository or are there some open points or doubts?

Hi @aspettl, I'm sorry for the silence due to urgent work on other projects. I have not been able to test and verify these changes yet, so it would be great if someone else could find time to give a thumbs up here.

@aspettl
Author

aspettl commented Sep 29, 2018

Doesn't really look like we get feedback from someone else :-(
I can only say that I tested this with Outlook 2010. I do not have a license for newer Outlook versions.

@djechelon

djechelon commented Jan 5, 2021

I tried this and it looks like it is working in Outlook 2019.

I would suggest adding STARTTLS support for the IMAP part as well. My server uses IMAP STARTTLS on 143 (Dovecot server software).

@jult

jult commented Feb 27, 2023

Wow, isn't it amazing that we've already had RFCs for all this for over 20 years, yet big players like Microsoft and Apple are unable to read and obey them? Oh and why are Microsoft, Apple and iOS devices unable to grab simple data from the already existing autoconfig XML that Mozilla provides? Ooh was it too hard to use an open standard for these boot-licking capitalist freaks?
