Outlook autodiscover and STARTTLS
Admin Beckspaced
admin at beckspaced.com
Sat Oct 23 09:25:24 CEST 2021
> * Admin Beckspaced:
>
>> If I query autodiscover for Outlook it does not show STARTTLS. Instead
>> it shows <SSL>off</SSL>
> That's expected. The DB value "SSL" indicates that connections need to
> be encrypted right off the bat (e.g. ports 465, 993). "STARTTLS" means
> that the initial connection is unencrypted and then both sides agreee to
> enable encryption before authentication data is sent.
>
>> Or should I just change the priorities and first offer ports 993 | 995
>> | 465 for SSL?
> The Mobileconfig generator actually prefers settings like 465/SSL over
> 587/STARTTLS (the same for the respective POP3 and IMAP ports) if both
> mechanisms are defined with identical priorities. Mobileconfig permits
> only one inbound and one outbound server, so automx2 needs to pick and
> choose, but for Autoconfig and Autodiscover, priority determines the
> order of servers listed in the output data.
>
> However, there is no guarantee that a given MUA respects the order of
> servers in the config data. This is a design oversight of the protocols,
> not of automx2. The only way to be certain what data is picked by the
> MUAs is to configure just one server per role in the DB.
>
> -Ralph
>
> P.S.: When asking for assistance, please make sure to state which
> version of automx2 you are using, otherwise I will assume the latest
> available release.
Hello Ralph,
thanks again for you reply and clarifying things.
Yes, I use the latest release automx2
I had trouble figuring out how generating a mobileconfig actually works.
But luckily found a link in a closed topic at github
https://github.com/rseichter/automx2/issues/1
There it states the different Curl request
e.g.
https://autodiscover.beckspaced.com/mobileconfig/?emailaddress=user@beckspaced.com
At first I always got an error (400 Bad Request) when trying to access
the mobileconfig URL
But then I remembered that I changed the 'authentication' from 'plain'
to 'password-cleartext'
as 'plain' was marked as deprecated
https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat
Changing 'authentication' back to 'plain' solves the 400 bad request.
thanks again
& have a nice weekend
Becki
More information about the automx-users
mailing list