From ae60cdac7e438acf8fff39be3b2fb4153d68d308 Mon Sep 17 00:00:00 2001
From: Mechiel Lukkien
Date: Fri, 3 Feb 2023 17:53:45 +0100
Subject: [PATCH] allow requesting a certificate for autodiscover., but don't recommend a DNS record that would make requests to it. this may help testing again in the future. autodiscover with outlook is not working now.
---
 http/autoconf.go | 4 ++++
 mox-/config.go | 13 +++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/http/autoconf.go b/http/autoconf.go
index 1e87b16..66c8d5a 100644
--- a/http/autoconf.go
+++ b/http/autoconf.go
@@ -150,6 +150,10 @@ func autoconfHandle(l config.Listener) http.HandlerFunc {
 // Autodiscover from Microsoft, also used by Thunderbird.
 // User should create a DNS record: _autodiscover._tcp. IN SRV 0 0 443 >
+// In practice, autodiscover does not seem to work (any more). A connectivity test
+// tool for outlook is available on https://testconnectivity.microsoft.com/, it has
+// an option to do "Autodiscover to detect server settings". Incoming TLS
+// connections are all failing, with various errors.
 func autodiscoverHandle(l config.Listener) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
 log := xlog.WithContext(r.Context())
diff --git a/mox-/config.go b/mox-/config.go
index ed013d1..8d3dbb7 100644
--- a/mox-/config.go
+++ b/mox-/config.go
@@ -193,12 +193,17 @@ func (c *Config) allowACMEHosts() {
 for _, dom := range c.Dynamic.Domains {
 if l.AutoconfigHTTPS.Enabled {
- d, err := dns.ParseDomain("autoconfig." + dom.Domain.ASCII)
- if err != nil {
+ if d, err := dns.ParseDomain("autoconfig." + dom.Domain.ASCII); err != nil {
 xlog.Errorx("parsing autoconfig domain", err, mlog.Field("domain", dom.Domain))
- continue
+ } else {
+ m.AllowHostname(d)
+ }
+
+ if d, err := dns.ParseDomain("autodiscover." + dom.Domain.ASCII); err != nil {
+ xlog.Errorx("parsing autodiscover domain", err, mlog.Field("domain", dom.Domain))
+ } else {
+ m.AllowHostname(d)
 }
- m.AllowHostname(d)
 }
 if l.MTASTSHTTPS.Enabled && dom.MTASTS != nil {
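Review bot: The new autodiscover block in allowACMEHosts widens the ACME hostname allowlist to `autodiscover.<domain>` for every configured domain whenever `l.AutoconfigHTTPS.Enabled` is set, although the commit message says no DNS record for that name is recommended. If `m` is the certificate manager's host policy (its type is not visible in this hunk), the server will now attempt issuance for a name that often does not resolve to it, and failed validations count against CA rate limits and add log noise. Consider gating the name on its own listener setting, or at least stating the intent above the block: `// Allowed for testing autodiscover only; no DNS record is recommended, so issuance succeeds only if the operator adds one.` Dropping `continue` also means a parse error for the autoconfig name no longer skips the MTA-STS handling further down for that domain, which looks intended but deserves a mention in the commit message. The function body starts and ends outside the hunk.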