autoconfig returns mailcow_hostname for all domains, causing security certificate errors with Outlook clients #6230

Open
5 tasks done
ibesec opened this issue Dec 28, 2024 · 0 comments
ibesec commented Dec 28, 2024

Contribution guidelines

I've found a bug and checked that ...

  • ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
  • ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
  • ... I have understood that answers are voluntary and community-driven, and not commercial support.
  • ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

As per default, autoconfig returns mailcow_hostname for all hostname fields (incoming server/IMAP, outgoing server/SMTP, etc.), even for secondary domains.

This results in Outlook client returning an Internet Security Warning:
"The server you are connected to is using a security certificate that cannot be verified - The target principal name is incorrect."

Returning the secondary domain's hostname instead fixes this issue.

Logs:

N/A

Steps to reproduce:

1. Set up a mailcow instance with an extra SAN (will call this the "secondary domain"), and set up all advanced SSL configurations as required.
2. Verify the newly issued Let's Encrypt certificate now includes your secondary domain as a SAN.
3. Create a new mailbox in the secondary domain.
4. Add your new mailbox as a new account to any Outlook (classic) client using the autoconfig parameters - don't manually modify any hostnames or ports.
5. The Internet Security Warning message will pop up.
6. By editing the newly added account details in Outlook, you will confirm autoconfig set IMAP and SMTP hostnames to the main mailcow_hostname.
7. Change the IMAP and SMTP hostnames to the secondary domain.
8. You have fixed the issue.

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

N/A

Server/VM specifications:

N/A

Is Apparmor, SELinux or similar active?

N/A

Virtualization technology:

N/A

Docker version:

N/A

docker-compose version or docker compose version:

N/A

mailcow version:

2024-11b

Reverse proxy:

N/A

Logs of git diff:

N/A - only changes to SOGo configuration and certificates.

Logs of iptables -L -vn:

N/A

Logs of ip6tables -L -vn:

N/A

Logs of iptables -L -vn -t nat:

N/A

Logs of ip6tables -L -vn -t nat:

N/A

DNS check:

N/A
@ibesec ibesec added the bug label Dec 28, 2024
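
A check an administrator could run while triaging this report, as an added example that is not part of the original issue or of mailcow's code: it lists the hostnames an autoconfig response advertises and reports whether each one is on the certificate's SAN list and inside the mailbox's domain. It assumes the response uses the Mozilla autoconfig `clientConfig` layout; the XML, the SAN list and the `.example` names are constructed sample data, and `audit` and `san_matches` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed autoconfig response for a mailbox in the secondary domain.
SAMPLE_XML = """<?xml version="1.0"?>
<clientConfig version="1.1">
  <emailProvider id="secondary.example">
    <incomingServer type="imap">
      <hostname>mail.primary.example</hostname>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>mail.primary.example</hostname>
    </outgoingServer>
  </emailProvider>
</clientConfig>"""
# Constructed SAN list, as it would be read from the served certificate.
SAMPLE_SANS = ["mail.primary.example", "*.secondary.example"]


def san_matches(hostname, san):
    """Compare a hostname with one dNSName SAN; '*' may only be the whole first label."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern) or "" in host:
        return False
    if pattern[0] == "*":
        return host[1:] == pattern[1:]
    return host == pattern


def audit(autoconfig_xml, mailbox_domain, cert_sans):
    """List each advertised server with its certificate and domain status."""
    suffix = "." + mailbox_domain.lower()
    findings = []
    # Parse only responses from your own server: ElementTree is not hardened for hostile XML.
    for server in ET.fromstring(autoconfig_xml).iter():
        if server.tag not in ("incomingServer", "outgoingServer"):
            continue
        host = (server.findtext("hostname") or "").strip()
        findings.append({
            "type": server.get("type"),
            "hostname": host,
            "on_certificate": any(san_matches(host, s) for s in cert_sans),
            "in_mailbox_domain": host.lower().endswith(suffix),
        })
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE_XML, "secondary.example", SAMPLE_SANS), sep="\n")
```

With the sample data both servers come back as `on_certificate: True` and `in_mailbox_domain: False`, which is the configuration the steps above describe before the hostnames are edited by hand.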