Mail Client AutoConfiguration Issues

wheeler · April 9, 2013, 8:46am

Hi,

I love the mail client autoconfiguration options, however it’s currently set to use plaintext authentication on port 25 for SMTP.

I have “Enable TLS encryption?” set to Always and Port 25 firewalled off for to help with PCI DSS compliance, so it would be great if I could edit the autoconfiguration template, or if it could pickup some more sensible detaults based on the server configuration.

I see you have “Added a template section to configure the mail client auto-configuration XML, for example if some domains use custom mail servers.” on the release notes for 3.99 - this sound like exactly what I’m looking for but I can’t find it anywhere (I’m running 3.99.gpl on CentOS 6.4 and using Postfix).

Also, when I enabled the Mail Client Autoconfiguration I get the following output (although I think it worked the fist time I ran it):

Enabling mail client autoconfiguration for 5 virtual servers …
Failed for domain1.com :

Failed for domain2.com :

Failed for domain3.com :

Failed for domain4.com :

Failed for domain5.com :

… done

However, it does seems to work, correctly creating the cgi-bin/autoconfig.cgi files and mapping them to /mail/config-v1.1.xml for each domain

Many thanks,

Chris

HarryZink · April 15, 2013, 7:03am

Same exact behavior on my end -

Failed for domain2.com :

Failed for domain3.com :

Failed for domain4.com :

Failed for domain5.com :

Is this being addressed?

Jamie · April 15, 2013, 10:22pm

That error message is misleading - due to a bug in the code, it will appear even if there was no error!

You can configure the XML template at System Settings -> Server Templates -> Default Settings -> Mail client auto-configuration.

wheeler · April 16, 2013, 8:07am

Hi, Thanks, I’ve found the XML Template editor… It containts:


<?xml version="1.0" encoding="UTF-8"?>

  
    $SMTP_DOMAIN
    $OWNER Email
    $OWNER
    
      $IMAP_HOST
      $IMAP_PORT
      $IMAP_TYPE
      $IMAP_ENC
      $SMTP_LOGIN
    
    
      $SMTP_HOST
      $SMTP_PORT
      $SMTP_TYPE
      $SMTP_ENC
      $SMTP_LOGIN

Which looks right - but how to I change the values of the variables so that I can set it to use TLS by default for SMTP? (Port 587 etc). Should I just remove the variables and replace with the static values? Or is there another page where they are calculated pre-account?

Jamie · April 16, 2013, 5:32pm

Yes, you can just replace the variable with a static port number.

sonoracomm · May 3, 2013, 6:48pm

How would I tweak to suggest/enable TLS on the SMTP (outgoingServer)?

Or do I even have to? Maybe TLS is used anyway?

Thanks,

G

p.s. “echo $SMTP_ENC” at the server CLI shows nothing.

Jamie · May 4, 2013, 5:53am

In the template described earlier in the thread, just replace $SMTP_TYPE with STARTTLS

sonoracomm · May 5, 2013, 11:02pm

Perfect. I actually decided to use ‘SSL’ instead of ‘STARTTLS’. Many clients have port 25 blocked by ISPs and I wanted to get around that.

Works great now!

Thanks,

G

sonoracomm · May 5, 2013, 11:24pm

I spoke too soon.

The remaining problem I ran into is that the autoconfig is being populated (most of the time?) with a bad username.

On our server, we use short usernames (without the domain name or TLD) most of the time, but if there is a conflict, the system creates usernames in the form of ‘username.domain’ (not username.domain.tld).

The autoconfiguration appears to be plugging in ‘username.domain’ all the time which fails most of the time.

How might I tweak te XML template for just ‘username’?

Thanks,

G

Jamie · May 6, 2013, 2:38am

Unfortunately, that use case isn’t supported

The autoconfig script doesn’t have access to the user database (as it just runs as a regular CGI script), so it doesn’t know which users have been given short names.

sonoracomm · May 9, 2013, 3:19pm

OK, then, what use case is supported? I imagined my use case to be mainstream.

Thanks,

G

p.s. We’re using LDAP. Does that make a difference?

Jamie · May 9, 2013, 8:50pm

The case it is designed to support is the default Virtualmin behavior, where every username has the domain as a prefix or suffix.

roman1983 · August 18, 2013, 10:00am

It seems to me that the configuration-settings for the XML-template are not read from Postfix/Dovecot. I have changed some authentication-settings (e.g. from plaintext-password to crypted) but this value was not changed in the xml template - even if set up a new virtual server for testing.

Is this right that i have to change the variables in /cgi-bin/autoconfig.cgi for every host manually if i change the postfix/dovecot configuration?

If yes, please fix it so that the new changes will be rolled out to every installed virtual server. Thanks!

Jamie · August 18, 2013, 6:07pm

These settings should be read from the active Postfix and Dovecot settings.

For example, with Dovecot if not running in SSL mode and if the disable_plaintext_auth directive is set to yes , then password-encrypted mode will be used for IMAP in the XML.

sonoracomm · August 19, 2013, 6:45pm

OK, after writing off this feature as unusable, I’m revisiting. I really want it to work.

How can I make the script actually determine the username instead of guessing? We just use the most normal format of ‘username’, no domain, no TLD.
What variable can I use so that the AutoConfiguration CGI script spits out the username ($SMTP_LOGIN) in the format of “username”…no domain, no TLD?
Once I make a change here:

System Settings -> Server Templates -> Default Settings -> Mail client auto-configuration

How to I activate the changes? Per domain? If I make changes, they are not displayed here:

http://www.domain.tld/cgi-bin/autoconfig.cgi?emailaddress=myaddress@mydomain.tld

Thank in advance,

G

Jamie · August 20, 2013, 8:13pm

The script will use whatever username format is configured for the domain, at the time autoconfiguration was enabled. Unfortunately because it runs as a CGI, it doesn’t have access to the actual username, so its guess can be wrong if the username format was changed.
You can use $mailbox
This is a bug - the new XML should be applied when you change the template. Currently you have to disable and then re-enabled autoconfiguration to force the new template to be used.

sonoracomm · August 20, 2013, 10:24pm

I now have this feature working for most users. Thanks much for the info.

I think this feature needs to be improved, less guessing and more programatic, but I’m happy to be this close!

So the basic procedure is:

Disable Auto-Configuration Feature
Modify the XML
Re-enable the Auto-Configuration Feature
Use a browser to check the results:

http://www.yourdomain.tld/cgi-bin/autoconfig.cgi?emailaddress=yourusername@yourdomain.tld

BTW, for anyone that has to look this up:

You currently have to edit the XML file here:

System Settings -> Server Templates -> (template) -> Mail Client Auto-Configuration

Then, to activate the changes, disable the Auto-Configuration Feature, then re-enable it:

E-Mail Messages -> Mail Client Configuration

Thanks,

G

Jean-MarcCoursimault · October 6, 2013, 5:49pm

Hi,

I just discovered the new autoconfiguration feature and updated webmin/virtualmin accordingly.

On my SMTP/POP/IMAP server I manage all mail accounts with Webmin.

I tried to “Enable mail client autoconfiguration”.

And I get the message : “No virtual servers with email enabled exist”. Well… all the virtual servers are there only for email (the web sites are elsewhere).

How can I find more about what’s causing the pb ? I do not see anything in webmin.log, miniserv.log and miniserv.error.

Thanks !
– JM

Jean-MarcCoursimault · October 6, 2013, 5:54pm

Replying to myself.

Okay… obviously if the web servers are elsewhere Webmin cannot generate a file inside the web server.

Hm. Is there a way to generate the autoconfig file so that I can transfer it to the Webmin box that manages the web servers ?

Thanks
– JM

Jamie · October 6, 2013, 7:03pm

You could try enabling a website for one domain, manually fetching the autoconfig XML, and then having it served from your real webserver for other domains.