search

mjl- / mox

modern full-featured open source secure mail server for low-maintenance self-hosted email
https://www.xmox.nl
MIT License
3.5k stars 96 forks source link

unable to use autodiscover in outlook #200

Open TTTPOB opened 1 month ago

TTTPOB commented 1 month ago

when type in my email address (me@xx.yy) in outlook, it starts to loading and loading and loading.

I can say the dns are all set, and I can see logs both from nginx and mox nginx

xx.yy.zz.ww - - [06/Aug/2024:07:15:41 -0700] "GET /autodiscover/autodiscover.json/v1.0/me@xx.yy?Protocol=Autodiscoverv1&RedirectCount=1 HTTP/1.1" 403 29 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.17726; Pro)"

mox

Aug 06 07:15:41 hz-xx-1 mox[518539]: l=debug m="http request" pkg=http httpaccess= handler=account method=get url="/autodiscover/autodiscover.json/v1.0/me@xx.yy?Protocol=Autodiscoverv1&RedirectCount=1" host=mail.xx.yy duration="47.557µs" statuscode=403 proto=http/1.1 remoteaddr=127.0.0.1:49820 tlsinfo=plain useragent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.17726; Pro)" referrr= size=29 cid=191xxxxx

I think my tls/nginx reverse proxy setup are also good because I can log into the webmail and admin page.

let me know if you want more message.

thank you for this great mail server!

mjl- commented 1 month ago

Hi @TTTPOB, those requests are interesting, they don't look familiar to me. Mox is expecting a request for /autodiscover/autodiscover.xml. I suspect microsoft has started using a new autodiscovery mechanism. A quick search doesn't turn up any documentation. I've been looking at https://learn.microsoft.com/en-us/exchange/architecture/client-access/autodiscover?view=exchserver-2019, which mentions the autodiscover XML file.

Could you try Microsoft's own exchange autodiscovery connectivity testing tool at https://testconnectivity.microsoft.com/tests/O365Ola/input? It's not working for me at the moment (gets stuck at "loading").

Btw, microsoft autodiscovery has never worked in my testing. All their HTTPS requests were failing because they were doing TLS handshakes incorrectly (trailing dot in SNI hostnames, if I remember correctly; the Go TLS library correctly rejects it, other TLS libraries probably not (what nginx is using)). I've only seen Thunderbird successfully use microsoft's autodiscovery.

Perhaps microsoft's new autodiscovery mechanism/code would work with us. First step is figuring out what the protocol is. (:

TTTPOB commented 1 month ago

I can't guarente but I will test if I have spare time this weekend.

mjl- commented 1 month ago

The JSON mechanism was mentioned in 2018. So it's not really new. Microsoft doesn't appear to have documented. Some information here: https://www.msxfaq.de/exchange/autodiscover/autodiscover_v2.htm. The request you're seeing may be for a URL to do autodiscoverv1 against, perhaps it's enough to just return a JSON response like this:

{
   "Protocol":"AutodiscoverV1",
   "Url":"https://outlook.office365.com/autodiscover/autodiscover.xml"
}

You're not also seeing requests for /autodiscover/autodiscover.xml?