How to automatically configure email (Thunderbird, Outlook, and iOS/OSX Mail) with Nethserver


(Matthieu Gaillet) #21

Hi ! Very interesting work.

I ran into multiple issues however. At first nothing worked. Mobileconfig files were empty, and Thunderbird didn’t auto-configure.

Here are my debug notes :

Trying to test using /usr/bin/automx-test :

Testing Autoconfig ...
Connecting to http://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu@gaillet.be ...

  HTTP/1.1 302 Found
  Date: Sat, 08 Sep 2018 19:31:50 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Location: https://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu@gaillet.be
  Content-Length: 267
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  HTTP/1.1 500 Internal Server Error
  Date: Sat, 08 Sep 2018 19:31:50 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Content-Length: 0
  Connection: close
  Content-Type: text/xml
Trying fallback URL ...
Connecting to http://gaillet.be/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress=matthieu@gaillet.be ...

No autoconfig endpoint found.

In /var/log/httpd/error_log, I see [Errno 2] No such file or directory: u'/var/log/automx/automx.log'
–> easy one : chown apache:apache /var/log/automx/

and also :
raise Exception("python ldap missing")

Therefore I tried to pip install python-ldap, which in turn failed because I first needed to yum install python-devel openldap-devel.

Then it began to work. At least it looked like it worked but still Thunderbird isn’t auto-configuring.

There is a connection on the http port, with a 302 invitation to switch to https, then I don’t know what happens.

Next I use the web interface to generate a mobileconfig file. It works !

Now the next big deal is getting caldav and carddav auto configure for nextcloud !

Enough for tonight, I’ll go further tomorrow. If someone has some advice, I’ll be happy to follow it.

BTW, passwords are shown as clear text in the logs. I guess that shouldn’t be the case ?!


(Dan) #22

I thought I’d required python-ldap as a dependency in nethserver-automx, but it looks like I hadn’t. I’ll try to get an updated RPM out shortly to address that. I’d recommend yum install python-ldap, though, rather than pip.

I believe this is expected if you have Debug turned on–which is one reason you shouldn’t leave it turned on.

The redirect issue isn’t expected with 0.0.1-5–which version do you have installed?


(Matthieu Gaillet) #23

Thanks I followed your advice.

Installed Packages
Name        : nethserver-automx
Arch        : noarch
Version     : 0.0.1
Release     : 5.ns7
Size        : 4.5 k
Repo        : installed
From repo   : danb35
Summary     : NethServer configuration for automx
License     : GPL
Description : NethServer configuration for automx (https://automx.org)

This morning there was an update, I did it :

---> Package nethserver-automx.noarch 0:0.0.1-5.ns7 will be updated
---> Package nethserver-automx.noarch 0:0.0.1-6.ns7 will be an update

in access-log I see

10.0.1.57 - - [09/Sep/2018:09:14:06 +0200] "POST /mobileconfig HTTP/1.1" 200 4886 "https://autoconfig.gaillet.be/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.│

That looks better but still Thunderbird complains that it can’t find the right settings. Could be a Thunderbird issue though.


(Dan) #24

Could be, but shouldn’t. What’s the result of automx-test now?


(Matthieu Gaillet) #25

Works perfectly.

Wireshark tcp conversation trace taken on the client side :

GET /mail/config-v1.1.xml?emailaddress=matthieu%40gaillet.be HTTP/1.1
Host: autoconfig.gaillet.be
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 Lightning/5.4.9.1
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 302 Found
Date: Sun, 09 Sep 2018 10:34:47 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
Location: https://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu%2540gaillet.be
Content-Length: 271
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu%2540gaillet.be">here</a>.</p>
</body></html>

Then there is https traffic that I cannot read, obviously.

Maybe you could try on your side ?
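
In the trace above, the request carries `emailaddress=matthieu%40gaillet.be` and the `Location` header carries `emailaddress=matthieu%2540gaillet.be`. The following check is an added example, not part of the original thread or of automx: it compares query parameters across a redirect and reports values that were percent-encoded a second time. The two constants are copied from the trace; the function names are hypothetical.

```python
from urllib.parse import urlsplit, unquote

# Copied from the Wireshark trace in the post above.
REQUEST_TARGET = "/mail/config-v1.1.xml?emailaddress=matthieu%40gaillet.be"
LOCATION = ("https://autoconfig.gaillet.be/mail/config-v1.1.xml"
            "?emailaddress=matthieu%2540gaillet.be")


def raw_query(url):
    """Return query parameters as (name, raw_value) pairs, without decoding."""
    pairs = []
    for item in urlsplit(url).query.split("&"):
        if item:
            name, _, value = item.partition("=")
            pairs.append((name, value))
    return pairs


def redirect_encoding_issues(request_target, location):
    """List parameters whose decoded value differs after the redirect.

    Each entry is (name, sent, redirected, verdict). The verdict is
    'double-encoded' when decoding the redirected value once gives back
    the raw (still encoded) value that was originally sent.
    """
    sent = dict(raw_query(request_target))
    issues = []
    for name, redirected in raw_query(location):
        if name not in sent:
            continue
        original = sent[name]
        if unquote(redirected) == unquote(original):
            continue  # one decode gives the same value: redirect preserved it
        verdict = "double-encoded" if unquote(redirected) == original else "changed"
        issues.append((name, original, redirected, verdict))
    return issues
```

The automx-test output in this thread shows the address with a literal `@` on both sides of the redirect, for which the check returns no issues.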


(Dan) #26
[root@neth ~]# automx-test
Provide the mail address for which configuration settings should be retrieved.
Mail address: matthieu@gaillet.be

Testing Autoconfig ...
Connecting to http://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu@gaillet.be ...

  HTTP/1.1 302 Found
  Date: Sun, 09 Sep 2018 10:41:51 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Location: https://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu@gaillet.be
  Content-Length: 267
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  HTTP/1.1 200 OK
  Date: Sun, 09 Sep 2018 10:41:51 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Content-Length: 858
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/xml
<?xml version='1.0' encoding='utf-8'?>
<clientConfig version="1.1">
  <emailProvider id="localhost">
    <domain>gaillet.be</domain>
    <displayName>matthieu@gaillet.be account</displayName>
    <displayShortName>matthieu</displayShortName>
    <outgoingServer type="smtp">
      <hostname>mattlabs.gaillet.be</hostname>
      <port>587</port>
      <socketType>STARTTLS</socketType>
      <authentication>password-cleartext</authentication>
      <username>matthieu</username>
      <useGlobalPreferredServer>yes</useGlobalPreferredServer>
    </outgoingServer>
    <incomingServer type="imap">
      <hostname>mattlabs.gaillet.be</hostname>
      <port>143</port>
      <socketType>STARTTLS</socketType>
      <authentication>password-cleartext</authentication>
      <username>matthieu</username>
    </incomingServer>
  </emailProvider>
</clientConfig>

Testing Autodiscover (Microsoft Outlook(tm)) ...
Connecting to https://autoconfig.gaillet.be/autodiscover/autodiscover.xml ...

  HTTP/1.1 200 OK
  Date: Sun, 09 Sep 2018 10:41:51 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Content-Length: 1693
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/xml
<?xml version='1.0' encoding='utf-8'?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>prova</DisplayName>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>SMTP</Type>
        <Server>mattlabs.gaillet.be</Server>
        <Port>587</Port>
        <DomainRequired>off</DomainRequired>
        <LoginName>matthieu</LoginName>
        <SPA>off</SPA>
        <Encryption>TLS</Encryption>
        <AuthRequired>on</AuthRequired>
        <TTL>6</TTL>
      </Protocol>
      <Protocol>
        <Type>IMAP</Type>
        <Server>mattlabs.gaillet.be</Server>
        <Port>143</Port>
        <DomainRequired>off</DomainRequired>
        <LoginName>matthieu</LoginName>
        <SPA>off</SPA>
        <Encryption>TLS</Encryption>
        <AuthRequired>on</AuthRequired>
        <TTL>6</TTL>
      </Protocol>
      <Protocol>
        <Type>CardDAV</Type>
        <Server>mattlabs.gaillet.be</Server>
        <Port>443</Port>
        <DomainRequired>off</DomainRequired>
        <LoginName>matthieu</LoginName>
        <Encryption>SSL</Encryption>
        <AuthRequired>off</AuthRequired>
      </Protocol>
      <Protocol>
        <Type>CalDAV</Type>
        <Server>mattlabs.gaillet.be</Server>
        <Port>443</Port>
        <DomainRequired>off</DomainRequired>
        <LoginName>matthieu</LoginName>
        <Encryption>SSL</Encryption>
        <AuthRequired>off</AuthRequired>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>

Testing Autodiscover (mobilesync) ...
Connecting to https://autoconfig.gaillet.be/autodiscover/autodiscover.xml ...

  HTTP/1.1 200 OK
  Date: Sun, 09 Sep 2018 10:41:52 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Content-Length: 543
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/xml
<?xml version='1.0' encoding='utf-8'?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
    <Culture>en:us</Culture>
    <User>
      <DisplayName>prova</DisplayName>
      <EmailAddress>matthieu@gaillet.be</EmailAddress>
    </User>
    <Action>
      <Settings>
        <Server>
          <Type>MobileSync</Type>
        </Server>
      </Settings>
    </Action>
  </Response>
</Autodiscover>

Testing mobileconfig...
Connecting to https://autoconfig.gaillet.be/mobileconfig ...

  HTTP/1.1 200 OK
  Date: Sun, 09 Sep 2018 10:41:52 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
  Content-Disposition: attachment; filename="company.mobileconfig
  Content-Length: 4878
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: application/x-apple-aspen-config; charset=utf-8
(binary content snipped)

On first glance, at least, this looks just fine. What do you see on your client machine if you try to pull up https://autoconfig.gaillet.be/mail/config-v1.1.xml?emailaddress=matthieu@gaillet.be

Edit: and noticing that python-ldap hasn’t been installed or required makes me wonder if that’s why retrieving user information from LDAP wasn’t working. I’ll feel pretty silly if that was the case, but at least it’s a pretty easy fix. Still some testing to do on that.
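
The clientConfig response in the automx-test output above advertises `password-cleartext` over `STARTTLS` for both servers. The following audit is an added example, not part of the original thread or of automx: it parses a clientConfig document and reports which advertised servers would carry the password over an unencrypted or downgradable session. The function name, severity labels and the second server in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first server mirrors the response shown above; the
# second ("legacy.example.test", plain POP3) is invented to trigger a finding.
SAMPLE = """<clientConfig version="1.1">
  <emailProvider id="localhost">
    <domain>gaillet.be</domain>
    <incomingServer type="imap">
      <hostname>mattlabs.gaillet.be</hostname>
      <port>143</port>
      <socketType>STARTTLS</socketType>
      <authentication>password-cleartext</authentication>
    </incomingServer>
    <incomingServer type="pop3">
      <hostname>legacy.example.test</hostname>
      <port>110</port>
      <socketType>plain</socketType>
      <authentication>password-cleartext</authentication>
    </incomingServer>
  </emailProvider>
</clientConfig>"""

ENCRYPTED = {"SSL", "STARTTLS"}  # socketType values that protect the session


def audit_autoconfig(xml_text):
    """Return (server, severity, message) findings for a clientConfig document."""
    # Feed this only responses from your own server; use a hardened XML
    # parser if the document comes from an untrusted source.
    findings = []
    for srv in ET.fromstring(xml_text).iter():
        if srv.tag not in ("incomingServer", "outgoingServer"):
            continue
        sock = (srv.findtext("socketType") or "").strip()
        auth = (srv.findtext("authentication") or "").strip()
        name = "%s %s:%s" % (srv.get("type"), srv.findtext("hostname", "?"),
                             srv.findtext("port", "?"))
        if sock not in ENCRYPTED:
            sev = "high" if auth == "password-cleartext" else "medium"
            findings.append((name, sev,
                             "socketType %r does not encrypt the session" % sock))
        elif sock == "STARTTLS" and auth == "password-cleartext":
            findings.append((name, "info",
                             "cleartext password relies on the client enforcing STARTTLS"))
        if auth == "none":
            findings.append((name, "medium", "no authentication advertised"))
    return findings
```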


(Matthieu Gaillet) #27

That’s why it’s a beta :)

I’ll not investigate further right now because I just discovered that a simple redirection from /.well-known/caldvav to /nextcloud/remote.php/dav (my personal case) was enough for my need, it helps OSX clients to connect easily to the nextcloud instance.

You should probably take care of the possibility to run nextcloud in a virtualhost on nethserver if you want to support that case. See http://docs.nethserver.org/en/v7/nextcloud.html#custom-virtual-host