You are here: Welcome to BlueOnyx» FAQ» Email Autoconfiguration

Email Autoconfiguration

BlueOnyx now provides fully integrated Email Autoconfiguration support for modern email clients such as Mozilla Thunderbird, Microsoft Outlook, and compatible mobile and desktop clients.

Email Autoconfiguration allows mail clients to automatically detect all required email settings (IMAP, SMTP, ports, encryption, authentication) based solely on the user’s email address. This eliminates manual configuration errors, reduces support requests, and ensures consistent, secure mail client setups.

With this feature enabled, BlueOnyx automatically:

  • Publishes the required DNS records (CNAME and SRV)
  • Generates standards-compliant XML configuration endpoints
  • Ensures all autoconfig hostnames are covered by SSL certificates
  • Integrates seamlessly with existing mail, DNS, and SSL management

The result is a zero-touch email setup experience for end users, while administrators retain full control and visibility.

Which SMTP ports are available:

Port Name Encryption Auth Client use
25 SMTP STARTTLS optional Optional ❌ Avoid
587 Submission STARTTLS optional Yes ✅ Best (most clients will still use STARTTLS)
465 SMTPS SSL/TLS only Yes ✅ Backup / also fine as primary

Email Autoconfiguration will point email clients to port 587 with the required settings for SMTP-Auth.

Overview: How Email Autoconfiguration Works

When a user enters an email address (e.g. user@domain.tld) into a supported mail client:

  1. The client queries standard DNS records such as autoconfig.domain.tld, autodiscover.domain.tld, and _autodiscover._tcp.domain.tld.
  2. These records point the client to BlueOnyx-hosted XML endpoints.
  3. BlueOnyx returns validated, secure configuration data (IMAP/SMTP servers, ports, encryption, authentication, and the correct login name format).

No manual input is required beyond the email address and password.

Step-by-Step: Enabling Email Autoconfiguration for a Vsite

1. Enable Email Autoconfiguration for the Domain

Navigate to: Site Management → Email

In the Email Settings section for the Vsite:

  • Enable Email Autoconfiguration
  • Verify or define Email Server Aliases (usually the base domain and mail.domain.tld)

Once enabled, BlueOnyx activates the Autoconfig and Autodiscover endpoints for this domain.

2. Review and Apply DNS Record Recommendations

Navigate to: Site Management → DNS

BlueOnyx automatically generates a DNS Record Recommendation block showing all required records in BIND format, including:

  • autoconfig.domain.tld (CNAME)
  • autodiscover.domain.tld (CNAME)
  • _autodiscover._tcp.domain.tld (SRV)
  • Mail host A record
  • MX record

If BlueOnyx is managing DNS for the domain, these records are created automatically. If DNS is external, copy the suggested DNS records into your DNS provider’s interface.

3. Ensure SSL Coverage for Autoconfig Hostnames

Navigate to: Site Management → SSL

To avoid certificate warnings or failed connections, all autoconfig and autodiscover hostnames must be covered by the SSL certificate.

In the SSL configuration:

  • Enable Request or Renew Certificate
  • Add the following to SSL domain aliases:
    • autoconfig.domain.tld
    • autodiscover.domain.tld
    • mail.domain.tld
    • the base domain itself

Once the DNS has propagated, request or renew the Let’s Encrypt certificate - including these names. This is important!

4. (Optional) DKIM and Mail Policy Alignment

While not required for autoconfiguration itself, BlueOnyx integrates cleanly with OpenDKIM, SPF/DMARC policies, and mail limits. If DKIM is enabled, ensure the DKIM TXT record is present before going live to maximize mail deliverability.

What Clients Receive (Behind the Scenes)

Generic Autoconfig (Thunderbird and compatible clients)

BlueOnyx exposes:

  • /mail/config-v1.1.xml
  • /.well-known/autoconfig/mail/config-v1.1.xml

These return XML describing IMAP and SMTP settings, including encryption and authentication.

Microsoft Outlook Autodiscover

Outlook clients query the Autodiscover endpoint and receive a dedicated XML response tailored to Outlook’s expectations. In specific Outlook has the quirk of demanding to login to SMTP and IMAP with the email address and not the username. BlueOnyx has been modified to now allow both types of logins: With the username - as well as with the email address. The email address can be in the <username>@<domain>.<tld> format or it can be any email alias of an existing user account. 

This ensures compatibility with Outlook for Windows, Outlook for macOS, and Outlook mobile clients.

End-User Experience

From the user’s perspective:

  1. Open mail client
  2. Enter email address
  3. Enter password
  4. Done

No server names, no ports, no encryption choices, and no guesswork. If both IMAP and POP3 are enabled, IMAP is offered as default, but if someone wants to? Then POP3 can be chosen with just one extra click as seen in the image below.

Benefits at a Glance

  • Reduced support requests
  • Fewer misconfigured mail clients
  • Secure defaults enforced automatically
  • Standards-compliant
  • Integrated into existing BlueOnyx workflows
  • Works with Let’s Encrypt out of the box

Summary

Email Autoconfiguration in BlueOnyx provides a modern, professional, and administrator-friendly solution for deploying email services at scale.

It bridges DNS, SSL, and mail configuration into a single coherent workflow, ensuring that end users enjoy effortless setup while administrators maintain security, consistency, and control.

Once enabled, it “just works”.

Previous page: BlueOnyx 5210R/5211R/5212R Debugging Next page: Prevent Sender Identity Spoofing