Add support for Thunderbird automatic configuration

Resolves #114

README.textile

@@ -32,6 +32,7 @@ What do you get if you point this thing at a VPS? All kinds of good stuff!
 * "SMTP":https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol over SSL via Postfix, including a nice set of "DNSBLs":https://en.wikipedia.org/wiki/DNSBL to discard spam before it ever hits your filters.
 * Webmail via "Roundcube":http://www.roundcube.net/.
 * Mobile push notifications via "Z-Push":http://z-push.sourceforge.net/soswp/index.php?pages_id=1&t=home.
+* Email client "automatic configuration":https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration.
 * Jabber/"XMPP":http://xmpp.org/ instant messaging via "Prosody":http://prosody.im/.
 * An RSS Reader via "Selfoss":http://selfoss.aditu.de/.
 * Virtual domains for your email, backed by "PostgreSQL":http://www.postgresql.org/.
@@ -191,6 +192,7 @@ If you've just bought a new domain name, point it at "Linode's DNS Manager":http
 Create an @A@ records which point to your server IP for:
  * @example.com@
  * @mail.example.com@
+ * @autoconfig.example.com@ (for email client automatic configuration)
  * @read.example.com@ (for wallabe)
  * @news.example.com@ (for selfoss)
  * @cloud.example.com@ (for owncloud)

roles/mailserver/tasks/autoconfig.yml

@@ -0,0 +1,22 @@
+---
+#
+# Autoconfig XML file for email clients
+# https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration
+#
+
+- name: Create directory for mail autoconfiguration virtualhost
+  file: state=directory path=/var/www/autoconfig group=www-data owner=www-data
+
+- name: Create directory holding the autoconfig XML file
+  file: state=directory path=/var/www/autoconfig/mail group=www-data owner=www-data
+
+- name: Create the autoconfig XML file
+  template: src=var_www_autoconfig_mail_config-v1.1.j2 dest=/var/www/autoconfig/mail/config-v1.1.xml group=www-data owner=www-data
+
+- name: Configure the mail autoconfiguration virtualhost
+  template: src=etc_apache2_sites-available_autoconfig.j2 dest=/etc/apache2/sites-available/autoconfig.conf group=root owner=root
+  notify: restart apache
+
+- name: Enable the mail autoconfiguration virtualhost
+  command: a2ensite autoconfig.conf creates=/etc/apache2/sites-enabled/autoconfig.conf
+  notify: restart apache

roles/mailserver/tasks/main.yml

@@ -4,4 +4,5 @@
 - include: dspam.yml tags=dspam
 - include: solr.yml tags=solr
 - include: checkrbl.yml tags=checkrbl
-- include: z-push.yml tags=zpush
+- include: z-push.yml tags=zpush
+- include: autoconfig.yml tags=autoconfig

roles/mailserver/templates/etc_apache2_sites-available_autoconfig.j2

@@ -0,0 +1,34 @@
+# NOTE: We don't permanently redirect clients to the HTTPS address because some clients, like
+# Thunderbird, dont't follow redirections to the HTTPS URL.
+#
+# Additionally, documentation doesn't say whether the XML file should be served over either HTTP,
+# HTTPS or both, even though only the former is mentioned. Still, we allow clients to choose
+# between HTTP and HTTPS transports.
+
+<VirtualHost *:80>
+
+    ServerName {{ mail_server_autoconfig_hostname }}
+
+    DocumentRoot            "/var/www/autoconfig"
+    Options                 -Indexes
+
+    HostnameLookups         Off
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName {{ mail_server_autoconfig_hostname }}
+
+    SSLEngine on
+    SSLProtocol ALL -SSLv2
+    SSLHonorCipherOrder On
+    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
+    SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt
+    SSLCertificateKeyFile   /etc/ssl/private/wildcard_private.key
+    SSLCACertificateFile    /etc/ssl/certs/wildcard_ca.pem
+    Header add Strict-Transport-Security "max-age=15768000; includeSubdomains"
+
+    DocumentRoot            "/var/www/autoconfig"
+    Options                 -Indexes
+
+    HostnameLookups         Off
+</VirtualHost>

roles/mailserver/templates/var_www_autoconfig_mail_config-v1.1.j2

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<clientConfig version="1.1">
+    <emailProvider id="{{ domain }}">
+        <domain>{{ domain }}</domain>
+        <displayName>{{ domain }}</displayName>
+        <displayShortName>{{ domain }}</displayShortName>
+        <incomingServer type="imap">
+            <hostname>{{ mail_server_hostname }}</hostname>
+            <port>993</port>
+            <socketType>SSL</socketType>
+            <authentication>password-cleartext</authentication>
+            <username>%EMAILADDRESS%</username>
+        </incomingServer>
+        <incomingServer type="pop3">
+            <hostname>{{ mail_server_hostname }}</hostname>
+            <port>995</port>
+            <socketType>SSL</socketType>
+            <authentication>password-cleartext</authentication>
+            <username>%EMAILADDRESS%</username>
+        </incomingServer>
+        <outgoingServer type="smtp">
+            <hostname>{{ mail_server_hostname }}</hostname>
+            <port>587</port>
+            <socketType>SSL</socketType>
+            <authentication>password-cleartext</authentication>
+            <username>%EMAILADDRESS%</username>
+        </outgoingServer>
+    </emailProvider>
+</clientConfig>

tests.py

@@ -39,6 +39,18 @@ class WebTests(unittest.TestCase):
         # 403 - Since there is no documents in the blog directory
         self.assertEquals(r.status_code, 403)
 
+    def test_mail_autoconfig_http_and_https(self):
+        """Email autoconfiguration XML file is accessible over both HTTP and HTTPS"""
+
+        # Test getting the file over HTTP and HTTPS
+        for proto in ['http', 'https']:
+            r = requests.get(proto + '://autoconfig.' + TEST_SERVER + '/mail/config-v1.1.xml')
+
+            # 200 - We should see the XML file
+            self.assertEquals(r.status_code, 200)
+            self.assertIn('application/xml', r.headers['Content-Type'])
+            self.assertIn('clientConfig version="1.1"', r.content)
+
     def test_webmail_http(self):
         """Webmail is redirecting to https and displaying login page"""
         r = requests.get('http://mail.' + TEST_SERVER)

vars/defaults.yml

@@ -51,6 +51,7 @@ znc_version: 1.4
 
 # mailserver
 mail_server_hostname: "mail.{{ domain }}"
+mail_server_autoconfig_hostname: "autoconfig.{{ domain }}"
 mail_db_username: mailuser
 # mail_db_password: (required)
 mail_db_database: mailserver