# checker-email-autoconfig Email autoconfiguration checker for [happyDomain](https://www.happydomain.org/). Verifies that a domain publishes discoverable email-client configuration through the mechanisms used by real-world mail clients: - **Thunderbird autoconfig** (Bucksch draft, `draft-bucksch-autoconfig-00`) - `https://autoconfig./mail/config-v1.1.xml` (primary) - `https:///.well-known/autoconfig/mail/config-v1.1.xml` (apex fallback) - `http://autoconfig./...` (optional; surfaced as a warning) - Mozilla ISPDB fallback (`autoconfig.thunderbird.net`) - MX-parent fallbacks for hosted domains - **Microsoft Autodiscover** POX (`https://autodiscover./autodiscover/autodiscover.xml`) - **RFC 6186 SRV records** (`_imaps`, `_imap`, `_pop3s`, `_pop3`, `_submissions`, `_submission`, `_autodiscover`) - MX resolution (for context and MX-based discovery) The checker parses every response, cross-checks the servers advertised by the different sources, and produces a rich HTML report with **paste-ready remediation snippets** for the most common failure modes. ## Rules | Code | Description | Severity | |-----------------------------------|--------------------------------------------------------------------------------------------------------------|---------------------| | `autoconfig_presence` | Checks that at least one email-autoconfiguration discovery method answers for the domain. | CRITICAL | | `autoconfig_preferred_endpoint` | Checks that `https://autoconfig./mail/config-v1.1.xml` is reachable and serves a valid clientConfig. | WARNING | | `autoconfig_tls` | Checks that autoconfig endpoints are served over HTTPS with a valid TLS certificate. | CRITICAL | | `autoconfig_server_encryption` | Checks that servers advertised by autoconfig use SSL or STARTTLS and a non-cleartext auth method. | CRITICAL | | `autoconfig_consistency` | Cross-checks hostnames and ports reported by autoconfig, Autodiscover and SRV records. | WARNING | | `autoconfig_srv_records` | Checks that RFC 6186 SRV records (`_imaps._tcp`, `_submissions._tcp`, ...) complement the autoconfig XML. | WARNING | | `autoconfig_autodiscover` | Reports whether Microsoft Autodiscover (POX) responds on the domain. | WARNING | ## Common failure modes the HTML report addresses When a check fails, the report's "Fix this first" section provides ready-to-copy snippets: - **Nothing is published** → sample `config-v1.1.xml` for the domain and the two canonical URLs to serve it from. - **Only `.well-known` answers** → nudge to add the `autoconfig.` subdomain (primary URL per the draft). - **Plain HTTP fallback responds** → redirect to HTTPS. - **TLS validation failed** → hint at covering `autoconfig.` with a valid certificate. - **Advertised servers are plaintext** → port cheat-sheet (SSL 993/465, STARTTLS 143/587). - **No RFC 6186 SRV records** → ready-to-paste zone excerpt. ## Usage ### Standalone ```bash make ./checker-email-autoconfig -listen :8080 ``` Exposes: - `GET /health`, `GET /definition` - `POST /collect`: run the full discovery probe. - `POST /evaluate`: apply rules to a previously collected observation. - `POST /report`: returns HTML when `Accept: text/html` is set, otherwise JSON metrics. ### Docker ```bash make docker docker run -p 8080:8080 happydomain/checker-email-autoconfig ``` ### happyDomain plugin ```bash make plugin # produces checker-email-autoconfig.so, loadable by happyDomain. ``` ## Options ### Per-user - `probeEmail`: local-part used in the autoconfig URL query string (default `test`). - `httpTimeout`: per-request timeout in seconds (default 8). - `tryISPDB`: query Mozilla's Thunderbird ISPDB as a fallback (default `true`). - `tryHTTPAutoconfig`: also probe the plain-HTTP variant (default `false`). - `tryAutodiscoverPost`: probe the Microsoft Autodiscover POX endpoints (default `true`). ### Admin - `ispdbURL`: override the ISPDB base URL. - `userAgent`: User-Agent announced in every probe. ## License MIT. See `LICENSE` and `NOTICE`.