Outlook autodiscover and STARTTLS

Admin Beckspaced admin at beckspaced.com
Sat Oct 23 09:25:24 CEST 2021 

> * Admin Beckspaced:
>
>> If I query autodiscover for Outlook it does not show STARTTLS. Instead
>> it shows <SSL>off</SSL>
> That's expected. The DB value "SSL" indicates that connections need to
> be encrypted right off the bat (e.g. ports 465, 993). "STARTTLS" means
> that the initial connection is unencrypted and then both sides agreee to
> enable encryption before authentication data is sent.
>
>> Or should I just change the priorities and first offer ports 993 | 995
>> | 465 for SSL?
> The Mobileconfig generator actually prefers settings like 465/SSL over
> 587/STARTTLS (the same for the respective POP3 and IMAP ports) if both
> mechanisms are defined with identical priorities. Mobileconfig permits
> only one inbound and one outbound server, so automx2 needs to pick and
> choose, but for Autoconfig and Autodiscover, priority determines the
> order of servers listed in the output data.
>
> However, there is no guarantee that a given MUA respects the order of
> servers in the config data. This is a design oversight of the protocols,
> not of automx2. The only way to be certain what data is picked by the
> MUAs is to configure just one server per role in the DB.
>
> -Ralph
>
> P.S.: When asking for assistance, please make sure to state which
> version of automx2 you are using, otherwise I will assume the latest
> available release.

Hello Ralph,

thanks again for you reply and clarifying things.
Yes, I use the latest release automx2

I had trouble figuring out how generating a mobileconfig actually works.

But luckily found a link in a closed topic at github

https://github.com/rseichter/automx2/issues/1

There it states the different Curl request

e.g. 
https://autodiscover.beckspaced.com/mobileconfig/?emailaddress=user@beckspaced.com

At first I always got an error (400 Bad Request) when trying to access 
the mobileconfig URL

But then I remembered that I changed the 'authentication' from 'plain' 
to 'password-cleartext'
as 'plain' was marked as deprecated

https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat

Changing 'authentication' back to 'plain' solves the 400 bad request.

thanks again
& have a nice weekend
Becki

More information about the automx-users mailing list