Outlook autodiscover and STARTTLS
Ralph Seichter
automx2 at seichter.de
Fri Oct 22 20:32:56 CEST 2021
* Admin Beckspaced:
> If I query autodiscover for Outlook it does not show STARTTLS. Instead
> it shows <SSL>off</SSL>
That's expected. The DB value "SSL" indicates that connections need to
be encrypted right off the bat (e.g. ports 465, 993). "STARTTLS" means
that the initial connection is unencrypted and then both sides agree to
enable encryption before authentication data is sent.
> Or should I just change the priorities and first offer ports 993 | 995
> | 465 for SSL?
The Mobileconfig generator actually prefers settings like 465/SSL over
587/STARTTLS (the same for the respective POP3 and IMAP ports) if both
mechanisms are defined with identical priorities. Mobileconfig permits
only one inbound and one outbound server, so automx2 needs to pick and
choose, but for Autoconfig and Autodiscover, priority determines the
order of servers listed in the output data.
However, there is no guarantee that a given MUA respects the order of
servers in the config data. This is a design oversight of the protocols,
not of automx2. The only way to be certain what data is picked by the
MUAs is to configure just one server per role in the DB.
-Ralph
P.S.: When asking for assistance, please make sure to state which
version of automx2 you are using, otherwise I will assume the latest
available release.
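
An added example, not part of the original message and not automx2 code: a small check that reads an Autodiscover response, reports the transport security of each listed server in order, and names the roles where more than one server is offered, which is where the client's choice is not guaranteed. The response body and hostname are constructed, and the `<Encryption>` element is taken from Microsoft's Autodiscover schema; whether a given automx2 version emits it is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample response, not output captured from automx2.
SAMPLE = """<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
 <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
  <Account>
   <Protocol><Type>IMAP</Type><Server>mail.example.org</Server><Port>143</Port>
    <SSL>off</SSL><Encryption>TLS</Encryption></Protocol>
   <Protocol><Type>IMAP</Type><Server>mail.example.org</Server><Port>993</Port>
    <SSL>on</SSL><Encryption>SSL</Encryption></Protocol>
   <Protocol><Type>SMTP</Type><Server>mail.example.org</Server><Port>587</Port>
    <SSL>off</SSL></Protocol>
  </Account>
 </Response>
</Autodiscover>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def transport(fields):
    """Classify one <Protocol> block; <Encryption> overrides <SSL> when present."""
    enc = fields.get("Encryption", "").upper()
    if enc == "TLS":
        return "STARTTLS"
    if enc == "SSL" or (not enc and fields.get("SSL", "").lower() == "on"):
        return "implicit TLS"
    if enc:
        return "Encryption=" + enc
    return "SSL off, no Encryption hint"

def audit(xml_text):
    """Return (rows in listed order, roles that offer more than one server)."""
    # Standard-library parser is fine for this constructed sample; use a
    # hardened parser such as defusedxml for responses fetched from a network.
    rows, per_role = [], {}
    for proto in ET.fromstring(xml_text).iter():
        if local(proto.tag) != "Protocol":
            continue
        f = {local(c.tag): (c.text or "").strip() for c in proto}
        role = "outbound" if f.get("Type", "").upper() == "SMTP" else "inbound"
        rows.append((role, f.get("Type"), f.get("Port"), transport(f)))
        per_role[role] = per_role.get(role, 0) + 1
    return rows, sorted(r for r, n in per_role.items() if n > 1)

if __name__ == "__main__":
    rows, ambiguous = audit(SAMPLE)
    for row in rows:
        print(*row)
    print("client may pick any listed server for:", ambiguous)
```

A row reported as "SSL off, no Encryption hint" cannot be told apart from plaintext by the response alone, so confirm on the server side that the port requires STARTTLS before authentication.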