How to automatically configure email (Thunderbird, Outlook, and iOS/OSX Mail) with Nethserver


Hi ! Very interesting work.

I ran into multiple issues, however. At first nothing worked. Mobileconfig files were empty, and Thunderbird didn’t auto-configure.

Here are my debug notes :

Trying to test using /usr/bin/automx-test :

Testing Autoconfig ...
Connecting to http://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu@gaillet.be ...

  HTTP/1.1 302 Found
  Date: Sat, 08 Sep 2018 19:31:50 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Location: https://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu@gaillet.be
  Content-Length: 267
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  HTTP/1.1 500 Internal Server Error
  Date: Sat, 08 Sep 2018 19:31:50 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Content-Length: 0
  Connection: close
  Content-Type: text/xml
Trying fallback URL ...
Connecting to http://gaillet.be/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress=matthieu@gaillet.be ...

No autoconfig endpoint found.

In /var/log/httpd/error_log, I see [Errno 2] No such file or directory: u'/var/log/automx/automx.log'
–> easy one : chown apache:apache /var/log/automx/

and also :
raise Exception("python ldap missing")

Therefore I tried to pip install python-ldap, which in turn failed because I first needed to yum install python-devel openldap-devel.

Then it began to work. At least it looked like it worked, but still Thunderbird isn’t auto-configuring.

There is a connection on the http port, with a 302 invitation to switch to https, then I don’t know what happens.

Next I use the web interface to generate a mobileconfig file. It works !

Now the next big deal is getting caldav and carddav auto configure for nextcloud !

Enough for tonight, I’ll go further tomorrow. If someone has some advice, I’ll be happy to follow them.

BTW, passwords are shown as clear text in the logs. I guess that shouldn’t be the case ?!

1 Like

I thought I’d required python-ldap as a dependency in nethserver-automx, but it looks like I hadn’t. I’ll try to get an updated RPM out shortly to address that. I’d recommend yum install python-ldap, though, rather than pip.

I believe this is expected if you have Debug turned on–which is one reason you shouldn’t leave it turned on.

The redirect issue isn’t expected with 0.0.1-5–which version do you have installed?

Thanks I followed your advice.

Installed Packages
Name        : nethserver-automx
Arch        : noarch
Version     : 0.0.1
Release     : 5.ns7
Size        : 4.5 k
Repo        : installed
From repo   : danb35
Summary     : NethServer configuration for automx
License     : GPL
Description : NethServer configuration for automx (https://automx.org)

This morning there was an update, I did it :

---> Package nethserver-automx.noarch 0:0.0.1-5.ns7 will be updated
---> Package nethserver-automx.noarch 0:0.0.1-6.ns7 will be an update

in access-log I see

10.0.1.57 - - [09/Sep/2018:09:14:06 +0200] "POST /mobileconfig HTTP/1.1" 200 4886 "https://autoconfig.gaillet.be/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.│

That looks better, but still Thunderbird complains that it can’t find the right settings. Could be a Thunderbird issue though.

Could be, but shouldn’t. What’s the result of automx-test now?

Works perfectly.

Wireshark tcp conversation trace taken on the client side :

GET /mail/config-v1.1.xml?emailaddress=matthieu%40gaillet.be HTTP/1.1
Host: autoconfig.gaillet.be
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 Lightning/5.4.9.1
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 302 Found
Date: Sun, 09 Sep 2018 10:34:47 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
Location: https://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu%2540gaillet.be
Content-Length: 271
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu%2540gaillet.be">here</a>.</p>
</body></html>

Then there is https traffic that I cannot read, obviously.

Maybe you could try on your side ?
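The Wireshark trace above shows Thunderbird requesting `emailaddress=matthieu%40gaillet.be` while the 302 `Location` carries `matthieu%2540gaillet.be`, which decodes once to `matthieu%40gaillet.be` instead of the mailbox address; the earlier automx-test run sent a literal `@` and its `Location` came back unchanged. An added example (not from the thread or from automx; the function names are illustrative) that flags this kind of re-encoding by comparing a request with its redirect:

```python
from urllib.parse import urlsplit, parse_qsl, unquote


def query_params(url_or_path):
    """Return the query parameters, percent-decoded exactly once."""
    return dict(parse_qsl(urlsplit(url_or_path).query, keep_blank_values=True))


def double_encoded_params(request_target, location):
    """Compare a request target with the Location header of its redirect.

    Returns {name: (sent_value, redirected_value)} for every parameter whose
    redirected value only equals the original after a second round of
    percent-decoding, i.e. the redirect re-encoded an already encoded '%'.
    """
    sent = query_params(request_target)
    redirected = query_params(location)
    findings = {}
    for name, value in sent.items():
        after = redirected.get(name)
        if after is not None and after != value and unquote(after) == value:
            findings[name] = (value, after)
    return findings


# Request line and Location header copied from the Wireshark trace above.
TB_REQUEST = "/mail/config-v1.1.xml?emailaddress=matthieu%40gaillet.be"
TB_LOCATION = ("https://autoconfig.gaillet.be/mail/config-v1.1.xml"
               "?emailaddress=matthieu%2540gaillet.be")

# Request and Location from the automx-test output (literal '@').
AT_REQUEST = "/mail/config-v1.1.xml?emailaddress=matthieu@gaillet.be"
AT_LOCATION = ("https://autoconfig.gaillet.be/mail/config-v1.1.xml"
               "?emailaddress=matthieu@gaillet.be")

if __name__ == "__main__":
    print("Thunderbird:", double_encoded_params(TB_REQUEST, TB_LOCATION))
    print("automx-test:", double_encoded_params(AT_REQUEST, AT_LOCATION))
```
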

[root@neth ~]# automx-test
Provide the mail address for which configuration settings should be retrieved.
Mail address: matthieu@gaillet.be

Testing Autoconfig ...
Connecting to http://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu@gaillet.be ...

  HTTP/1.1 302 Found
  Date: Sun, 09 Sep 2018 10:41:51 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Location: https://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu@gaillet.be
  Content-Length: 267
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  HTTP/1.1 200 OK
  Date: Sun, 09 Sep 2018 10:41:51 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Content-Length: 858
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/xml
<?xml version='1.0' encoding='utf-8'?>
<clientConfig version="1.1">
  <emailProvider id="localhost">
    <domain>gaillet.be</domain>
    <displayName>matthieu@gaillet.be account</displayName>
    <displayShortName>matthieu</displayShortName>
    <outgoingServer type="smtp">
      <hostname>mattlabs.gaillet.be</hostname>
      <port>587</port>
      <socketType>STARTTLS</socketType>
      <authentication>password-cleartext</authentication>
      <username>matthieu</username>
      <useGlobalPreferredServer>yes</useGlobalPreferredServer>
    </outgoingServer>
    <incomingServer type="imap">
      <hostname>mattlabs.gaillet.be</hostname>
      <port>143</port>
      <socketType>STARTTLS</socketType>
      <authentication>password-cleartext</authentication>
      <username>matthieu</username>
    </incomingServer>
  </emailProvider>
</clientConfig>

Testing Autodiscover (Microsoft Outlook(tm)) ...
Connecting to https://autoconfig.gaillet.be/autodiscover/autodiscover.xml ...

  HTTP/1.1 200 OK
  Date: Sun, 09 Sep 2018 10:41:51 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Content-Length: 1693
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/xml
<?xml version='1.0' encoding='utf-8'?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>prova</DisplayName>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>SMTP</Type>
        <Server>mattlabs.gaillet.be</Server>
        <Port>587</Port>
        <DomainRequired>off</DomainRequired>
        <LoginName>matthieu</LoginName>
        <SPA>off</SPA>
        <Encryption>TLS</Encryption>
        <AuthRequired>on</AuthRequired>
        <TTL>6</TTL>
      </Protocol>
      <Protocol>
        <Type>IMAP</Type>
        <Server>mattlabs.gaillet.be</Server>
        <Port>143</Port>
        <DomainRequired>off</DomainRequired>
        <LoginName>matthieu</LoginName>
        <SPA>off</SPA>
        <Encryption>TLS</Encryption>
        <AuthRequired>on</AuthRequired>
        <TTL>6</TTL>
      </Protocol>
      <Protocol>
        <Type>CardDAV</Type>
        <Server>mattlabs.gaillet.be</Server>
        <Port>443</Port>
        <DomainRequired>off</DomainRequired>
        <LoginName>matthieu</LoginName>
        <Encryption>SSL</Encryption>
        <AuthRequired>off</AuthRequired>
      </Protocol>
      <Protocol>
        <Type>CalDAV</Type>
        <Server>mattlabs.gaillet.be</Server>
        <Port>443</Port>
        <DomainRequired>off</DomainRequired>
        <LoginName>matthieu</LoginName>
        <Encryption>SSL</Encryption>
        <AuthRequired>off</AuthRequired>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>

Testing Autodiscover (mobilesync) ...
Connecting to https://autoconfig.gaillet.be/autodiscover/autodiscover.xml ...

  HTTP/1.1 200 OK
  Date: Sun, 09 Sep 2018 10:41:52 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Content-Length: 543
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/xml
<?xml version='1.0' encoding='utf-8'?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
    <Culture>en:us</Culture>
    <User>
      <DisplayName>prova</DisplayName>
      <EmailAddress>matthieu@gaillet.be</EmailAddress>
    </User>
    <Action>
      <Settings>
        <Server>
          <Type>MobileSync</Type>
        </Server>
      </Settings>
    </Action>
  </Response>
</Autodiscover>

Testing mobileconfig...
Connecting to https://autoconfig.gaillet.be/mobileconfig ...

  HTTP/1.1 200 OK
  Date: Sun, 09 Sep 2018 10:41:52 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Content-Disposition: attachment; filename="company.mobileconfig
  Content-Length: 4878
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: application/x-apple-aspen-config; charset=utf-8
(binary content snipped)

On first glance, at least, this looks just fine. What do you see on your client machine if you try to pull up https://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu@gaillet.be

Edit: and noticing that python-ldap hasn’t been installed or required makes me wonder if that’s why retrieving user information from LDAP wasn’t working. I’ll feel pretty silly if that was the case, but at least it’s a pretty easy fix. Still some testing to do on that.

That’s why it’s a beta :slight_smile:

I’ll not investigate further right now because I just discovered that a simple redirection from /.well-known/caldav to /nextcloud/remote.php/dav (my personal case) was enough for my need; it helps OSX clients to connect easily to the nextcloud instance.

You should probably take care of the possibility to run nextcloud in a virtualhost on nethserver if you want to support that case. See Nextcloud — NethServer 7 Final

@danb35 i am curious about this part here:

You’ll need to set a SRV record for _autodiscover._tcp.yourdomain pointing to 0 0 443 autoconfig.yourdomain.

As seen on your instructions https://wiki.nethserver.org/doku.php?id=email_autoconfig_module

0 0 443 does this mean the domain, or am a bit confused here

SRV records are kind of strange. The content of that record would be 0 0 443 autoconfig.yourdomain. Yes, that whole thing. Different DNS hosts may present it differently; here’s how it looks on Cloudflare:

As you see, they have a form to help construct the record. But the record itself is as above.

1 Like

Great, that image helped…

If i had already requested an ssl cert, will there be an issue?

One that has the main server certificate and other certificates

From the wiki:

You’ll need to update your TLS certificate to include a hostname of autoconfig.yourdomain, in addition to any other hostnames it may already include.

1 Like

am getting error: command not found, when running

config setprop automx SignMobileconfig enabled CertPath /etc/automx/fullchain.pem KeyPath /etc/automx/privkey.pem

Then use the full path to the config command: /sbin/e-smith/config. Or either log in directly as root, or su to root using su - to read root’s environment (including PATH), to avoid needing to use the full path.

And do you know how someone can configure a separate incoming and outgoing mail server.

imap.domain.org
smtp.domain.org

Not supported at this time; the IMAP and SMTP server names are both the full system FQDN. Changing this would require a custom template for /etc/e-smith/templates/etc/automx.conf/30global.

I’ve opened an issue against my GitHub repo, and would certainly consider a PR:

2 Likes

I’ve updated my RPM to allow this; you should get the update notification in the morning. Set the config properties as indicated in the new README file:

great. and, how can i enforce nethserver to use separate domains for incoming mail and outgoing mail.

imap. and smtp.

I don’t think I understand the question–can you explain in a bit more detail?

i have a server with the domain say nitramoneito.tld

i have configured Nethserver mail on that server.

instead of having both outgoing and incoming mail resolve at mail.nitramoneito.tld

i want smtp.nitramoneito.tld and imap.nitramoneito.tld