Email autodiscovery

Started by Dieselboy, August 29, 2016, 10:50:36 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Dieselboy

August 29, 2016, 10:50:36 PM Last Edit: August 29, 2016, 11:36:00 PM by Dieselboy
I done some research and found that email clients try and locate an autodiscovery XML file, to configure themselves based on your email address domain. Normally if you use your own domain, you wont have autodiscovery set up and your email client will make a guess based on your domain. In some instances, the email server might not be anything related to your domain, like in my case where my domain is routed through Google Apps. and therefore to set up email accounts we have had to manually enter the email server details, with port numbers etc. I know this stuff off the top of my head now but to streamline things I've spent some time setting up autodiscovery.

I followed this web page as a guide: http://web.archive.org/web/20120828065248/http://moens.ch/2012/05/31/providing-email-client-autoconfiguration-information/

You can look at that and translate it to your domain. As I'm using Google Apps. imap and smtp servers are at .gmail.com instead of domain.com.

The only thing I have needed to change from the above link is the Outlook autodiscover.xml. On the above link it has this under SMTP:

Quote
<Type>SMTP</Type>
<Server>smtp.gmail.com</Server>
<Port>587</Port>
<DomainRequired>off</DomainRequired>
<SPA>off</SPA>
<SSL>on</SSL>

However, Gmail doesn't use SSL for SMPT, instead it uses TLS. I needed to do some searching for this one, apparently it's a secret option but it should be like this:

Quote
<Type>SMTP</Type>
<Server>smtp.gmail.com</Server>
<Port>587</Port>
<DomainRequired>off</DomainRequired>
<SPA>off</SPA>
<Encryption>TLS</Encryption>

Another thing to note is that the webserver where you place these files must be SSL enabled with proper SSL certificates. If you don't then the xml wont be used at all so it would be a waste of time. Luckily, SSL certs can be free.

So now, when I set up an outlook account I just leave it as default as if we use Microsoft Exchange. The Outlook client does it's lookup and everything is populated except your password.
This will work for other email clients as well but might need some tweaking.

Funky.

deanwebb

#1
August 30, 2016, 06:04:32 AM
This is why my Skype and Exchange can work even if I'm not connected to the company network.

Which is also why I will NEVER take my work PC to Def Con, should I ever go there. Not that I needed a specific reason, but this will do...
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.
Print
Go Up Pages1
User actions