Confirmed users
360
edits
Gaia/Email/Autoconfig: Difference between revisions
Jump to navigation
Jump to search
no edit summary
(Created page with "There are a number of steps we perform: * <b>/autoconfig/xampl.tld</b>: Check for an [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration XML config...") |
No edit summary |
||
| Line 1: | Line 1: | ||
The Gaia e-mail app has an 'automatic' configuration mechanism which is the default, where the user just enters their display name (what they want their name to look like when sending e-mails), their e-mail address, and their password. This mechanism is derived from [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration Thunderbird's autoconfig mechanism] but with changes to support the ActiveSync protocol, slightly stricter security restrictions (encryption is always required!), a lack of domain guessing support ({{bug|823640}}), and no current support for trying multiple configurations from the XML configuration file. | |||
=== Adding entries === | |||
Note: See [https://wiki.mozilla.org/Thunderbird:Autoconfiguration] for more details. | |||
* If you are a mail server operator or can convince the operator to do so: | |||
** The best thing is for the mail server operator to create and host an autoconfig entry. | |||
* If you are anyone else: | |||
** Create an XML configuration and [https://bugzilla.mozilla.org/enter_bug.cgi?component=ISPDB%20Database%20Entries&product=Webtools file and bug in the Webtools product under the ISPDB Database Entries component]. If you think there is sufficient justification to ship the file with the e-mail app, please note this in that bug. The interested parties working on the Gaia E-mail app follow that component as well. Note that this is currently only likely to happen for mail server operators with extremely large user-bases and for which vanity domains are not used. | |||
=== Thunderbird's Implementation === | |||
Details can be found at: | |||
* [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration] | |||
* [https://wiki.mozilla.org/Thunderbird:Autoconfiguration] | |||
=== Autoconfig Steps === | |||
There are a number of steps we perform: | There are a number of steps we perform: | ||
* <b>/autoconfig/xampl.tld</b>: Check for an [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration XML configuration definition] for the domain locally in the application at '/autoconfig/xampl.tld'. | * <b>/autoconfig/xampl.tld</b>: Check for an [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration/FileFormat/HowTo XML configuration definition] for the domain locally in the application at '/autoconfig/xampl.tld'. | ||
** Advantages: | ** Advantages: | ||
*** Requires no network requests to be made, so: | *** Requires no network requests to be made, so: | ||
| Line 8: | Line 29: | ||
*** The only way to update the configuration file is to update the e-mail app. If the account setup steps change, until the app is updated, manual setup may be the only way to create a working account. | *** The only way to update the configuration file is to update the e-mail app. If the account setup steps change, until the app is updated, manual setup may be the only way to create a working account. | ||
*** Disk space. Although the app is packaged as a zip file so there are some compression benefits, supporting N domains using the same configuration requires N files. This potentially does not scale well. It is probably necessary to create a more space-efficient mechanism that is aware of such duplication. | *** Disk space. Although the app is packaged as a zip file so there are some compression benefits, supporting N domains using the same configuration requires N files. This potentially does not scale well. It is probably necessary to create a more space-efficient mechanism that is aware of such duplication. | ||
* <b>http://autoconfig.xampl.tld/mail/config-v1.1.xml?emailaddress=user%40xampl.tld</b>: Check for a [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration XML configuration definition] hosted by the server operator at a subdomain. | * <b>http://autoconfig.xampl.tld/mail/config-v1.1.xml?emailaddress=user%40xampl.tld</b>: Check for a [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration/FileFormat/HowTo XML configuration definition] hosted by the server operator at a subdomain. | ||
** Advantages: | ** Advantages: | ||
*** The server operator completely controls the settings for their domain. We don't need to ship a configuration with the phone or add it to the Thunderbird ISP database. | *** The server operator completely controls the settings for their domain. We don't need to ship a configuration with the phone or add it to the Thunderbird ISP database. | ||
| Line 16: | Line 37: | ||
*** While the Thunderbird autoconfig mechanism has been adopted by some other open-source clients and has a non-trivial user-base, it's also not the world's largest user-base so not all o | *** While the Thunderbird autoconfig mechanism has been adopted by some other open-source clients and has a non-trivial user-base, it's also not the world's largest user-base so not all o | ||
*** The request is made as a non-https request. See [https://wiki.mozilla.org/Thunderbird:Autoconfiguration the original Thunderbird autoconfig feature page for links to security considerations and review]. | *** The request is made as a non-https request. See [https://wiki.mozilla.org/Thunderbird:Autoconfiguration the original Thunderbird autoconfig feature page for links to security considerations and review]. | ||
* <b>http://xampl.tld/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress=user%40xampl.tld</b>: Check for a [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration XML configuration definition] hosted by the server operator at the root-domain using a [http://tools.ietf.org/html/rfc5785 well-known URI]. All the advantages/disadvantages are the same as for the previous server-operator hosted mechanism, the domain is simply different. | * <b>http://xampl.tld/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress=user%40xampl.tld</b>: Check for a [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration/FileFormat/HowTo XML configuration definition] hosted by the server operator at the root-domain using a [http://tools.ietf.org/html/rfc5785 well-known URI]. All the advantages/disadvantages are the same as for the previous server-operator hosted mechanism, the domain is simply different. | ||
* <b>https://xampl.tld/autodiscover/autodiscover.xml</b>: Look for an ActiveSync AutoDiscover server hosted by the server operator. This is a secure authenticated POST request that includes the e-mail address in the POST payload; the credentials (e-mail address and password) are provided as part of the usual authentication header. | * <b>https://xampl.tld/autodiscover/autodiscover.xml</b>: Look for an ActiveSync AutoDiscover server hosted by the server operator. This is a secure authenticated POST request that includes the e-mail address in the POST payload; the credentials (e-mail address and password) are provided as part of the usual authentication header. | ||
** Advantages: | ** Advantages: | ||
| Line 25: | Line 46: | ||
**** The implication from this as things are currently implemented is that if an operator provides both ActiveSync (with AutoDiscover) and IMAP then we want to host an XML config in the app to force use of IMAP. | **** The implication from this as things are currently implemented is that if an operator provides both ActiveSync (with AutoDiscover) and IMAP then we want to host an XML config in the app to force use of IMAP. | ||
* <b>https://autodiscover.xampl.tld/autodiscover/autodiscover.xml</b>: ActiveSync AutoDiscover via sub-domain. Same advantages/disadvantages as the previous lookup. | * <b>https://autodiscover.xampl.tld/autodiscover/autodiscover.xml</b>: ActiveSync AutoDiscover via sub-domain. Same advantages/disadvantages as the previous lookup. | ||
* <b>https://live.mozillamessaging.com/autoconfig/v1.1/xampl.tld</b>: Look for a [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration XML configuration definition] in the Mozilla-hosted Thunderbird ISP database. | * <b>https://live.mozillamessaging.com/autoconfig/v1.1/xampl.tld</b>: Look for a [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration/FileFormat/HowTo XML configuration definition] in the Mozilla-hosted Thunderbird ISP database. | ||
** Advantages: | ** Advantages: | ||
*** Entries are shared with Thunderbird, many already exist. | *** Entries are shared with Thunderbird, many already exist. | ||
| Line 41: | Line 62: | ||
** Disadvantages: | ** Disadvantages: | ||
*** The Mozilla server is also a single-point-of-failure. If the server is down, this step does not work for any users. If the server is compromised or its DNS lookups are compromised, this affects all users who make it to this step for the duration of the compromise. However, the server has been operational for many years with no compromises and no meaningful downtime. | *** The Mozilla server is also a single-point-of-failure. If the server is down, this step does not work for any users. If the server is compromised or its DNS lookups are compromised, this affects all users who make it to this step for the duration of the compromise. However, the server has been operational for many years with no compromises and no meaningful downtime. | ||
* <b>/autoconfig/mx-xampl.tld</b>: Look for a [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration XML configuration definition] for the domain returned by the DNS MX lookup (if it differs from the original domain) stored locally in the e-mail app. See the first local lookup for advantages/disadvantages. | * <b>/autoconfig/mx-xampl.tld</b>: Look for a [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration/FileFormat/HowTo XML configuration definition] for the domain returned by the DNS MX lookup (if it differs from the original domain) stored locally in the e-mail app. See the first local lookup for advantages/disadvantages. | ||
* <b>https://live.mozillamessaging.com/autoconfig/v1.1/mx-xampl.tld</b>: Look for a [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration XML configuration definition] Thunderbird ISP database entry for the domain returned by the DNS MX lookup. See the first ISP database lookup for advantages/disadvantages. | * <b>https://live.mozillamessaging.com/autoconfig/v1.1/mx-xampl.tld</b>: Look for a [https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration/FileFormat/HowTo XML configuration definition] Thunderbird ISP database entry for the domain returned by the DNS MX lookup. See the first ISP database lookup for advantages/disadvantages. | ||
Things that could be done to enhance the implementation: | Things that could be done to enhance the implementation: | ||