love/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
62c7cde62decee3418a5b2ba7db4ac8b8b69254d
nix/MAIL.md
T
love 33281a02f8 mobileconfig
2026-04-14 16:21:49 +02:00

7.3 KiB
Raw Blame History

Mail And Radicale

This repo currently configures mail for billenius.com on Hermes.

Hosts

  • Mail server: mail.billenius.com
  • Thunderbird autoconfig: autoconfig.billenius.com
  • Outlook-style autodiscover: autodiscover.billenius.com
  • CalDAV/CardDAV via Radicale: cal.billenius.com
  • Apple configuration profile: https://autoconfig.billenius.com/mobileconfig/?emailaddress=love%40billenius.com
  • Webmail via Roundcube: https://mail.billenius.com

Repo Locations

  • Core mail settings: modules/nixos/mail-server/mail.nix
  • Mail autodiscovery XML: modules/nixos/mail-server/autodiscover.nix
  • Radicale and DAV discovery: modules/nixos/mail-server/radicale.nix
  • Roundcube: modules/nixos/mail-server/roundcube.nix

What The Repo Configures

Mail

  • IMAP over SSL on mail.billenius.com:993
  • SMTP submission with STARTTLS on mail.billenius.com:587
  • Webmail on https://mail.billenius.com
  • ACME certificates for the mail-related nginx hosts

Autodiscovery

  • Thunderbird mail config at https://autoconfig.billenius.com/mail/config-v1.1.xml
  • Outlook-style mail config at https://autodiscover.billenius.com/autodiscover/autodiscover.xml
  • Thunderbird XML also advertises:
    • CardDAV: https://cal.billenius.com/
    • CalDAV: https://cal.billenius.com/

Radicale

  • Radicale is reverse proxied on https://cal.billenius.com/
  • Authentication uses the same mail accounts and password hashes as the mail server
  • DAV discovery redirects are served on:
    • https://mail.billenius.com/.well-known/caldav
    • https://mail.billenius.com/.well-known/carddav
    • https://cal.billenius.com/.well-known/caldav
    • https://cal.billenius.com/.well-known/carddav

This repo does not manage the apex website host for billenius.com. If the public website should also expose DAV redirects on /.well-known/caldav and /.well-known/carddav, that has to be configured on the separate nginx host serving billenius.com.

Apple Mobileconfig

  • The canonical Apple profile entrypoint is:
    • https://autoconfig.billenius.com/mobileconfig/?emailaddress=<url-encoded-email>
  • Apple profiles are hosted from autoconfig.billenius.com
  • A small landing page is available at:
    • https://autoconfig.billenius.com/mobileconfig/
  • Account-specific profiles are always available at:
    • https://autoconfig.billenius.com/mobileconfig/<sanitized-email>.mobileconfig
  • If there is exactly one configured mail account, the profile is also available at:
    • https://autoconfig.billenius.com/mobileconfig/billenius.mobileconfig

The profile configures:

  • IMAP on mail.billenius.com:993
  • SMTP submission on mail.billenius.com:587
  • CalDAV on cal.billenius.com:443
  • CardDAV on cal.billenius.com:443

Passwords are not embedded in the profile.

DNS

These records are expected for good client discovery.

Host Records

  • mail.billenius.com
  • cal.billenius.com
  • autoconfig.billenius.com
  • autodiscover.billenius.com

cal.billenius.com, autoconfig.billenius.com, and autodiscover.billenius.com can point at the same host as mail.billenius.com.

Mail SRV

_imaps._tcp.billenius.com.       SRV 0 0 993 mail.billenius.com.
_submission._tcp.billenius.com.  SRV 0 0 587 mail.billenius.com.

DAV SRV/TXT

_caldavs._tcp.billenius.com.   SRV 0 0 443 cal.billenius.com.
_carddavs._tcp.billenius.com.  SRV 0 0 443 cal.billenius.com.

_caldavs._tcp.billenius.com.   TXT "path=/"
_carddavs._tcp.billenius.com.  TXT "path=/"

iOS Setup

The preferred setup path on Apple devices is to open the hosted profile in Safari:

https://autoconfig.billenius.com/mobileconfig/?emailaddress=love%40billenius.com

Install the profile, then enter the password when prompted.

The manual steps below are the fallback path.

Mail

iOS does not reliably do full self-hosted IMAP setup from the same discovery flow that Thunderbird uses. The hosted .mobileconfig profile is the best path for one-step Apple setup.

  1. Open Settings
  2. Go to Apps -> Mail -> Mail Accounts -> Add Account
  3. Choose Other
  4. Choose Add Mail Account
  5. Use:
    • Email: full mail address, for example love@billenius.com
    • Incoming host: mail.billenius.com
    • Outgoing host: mail.billenius.com
    • Username: full mail address
    • Password: the mail password
  6. iOS should use:
    • IMAP SSL on 993
    • SMTP submission on 587

Calendar

  1. Open Settings
  2. Go to Apps -> Calendar -> Calendar Accounts -> Add Account
  3. Choose Other
  4. Choose Add CalDAV Account
  5. Use:
    • Server: cal.billenius.com
    • Username: full mail address
    • Password: the mail password

Contacts

  1. Open Settings
  2. Go to Apps -> Contacts -> Contacts Accounts -> Add Account
  3. Choose Other
  4. Choose Add CardDAV Account
  5. Use:
    • Server: cal.billenius.com
    • Username: full mail address
    • Password: the mail password

If the goal is a single Apple setup flow that provisions mail, calendars, and contacts together, use the hosted .mobileconfig profile on autoconfig.billenius.com instead of adding the accounts manually.

Thunderbird Setup

Mail

Thunderbird should discover mail automatically from the email address alone.

  1. Open Thunderbird
  2. Add a new mail account
  3. Enter the email address and password
  4. Thunderbird should pick up mail.billenius.com from autoconfig.billenius.com

Contacts

Thunderbird's mail account wizard does not reliably attach CardDAV address books automatically, even when the XML, SRV/TXT records, and /.well-known endpoints exist.

The reliable path is:

  1. Open Address Book
  2. Choose New Address Book -> Add CardDAV Address Book
  3. Use:
    • Username: full mail address
    • Location: https://cal.billenius.com/
  4. Authenticate
  5. Select the discovered address books

Calendars

The reliable path is:

  1. Open Calendar
  2. Choose New Calendar
  3. Choose On the Network
  4. Use:
    • Username: full mail address
    • Location: https://cal.billenius.com/
  5. Choose Find Calendars
  6. Subscribe to the discovered calendars

Verification

Thunderbird XML

curl https://autoconfig.billenius.com/mail/config-v1.1.xml
curl https://autodiscover.billenius.com/autodiscover/autodiscover.xml

DAV Well-Known

curl -I https://mail.billenius.com/.well-known/caldav
curl -I https://mail.billenius.com/.well-known/carddav
curl -I https://cal.billenius.com/.well-known/caldav
curl -I https://cal.billenius.com/.well-known/carddav

Each should return a 301 redirect to https://cal.billenius.com/.

DNS

dig +short SRV _imaps._tcp.billenius.com
dig +short SRV _submission._tcp.billenius.com
dig +short SRV _caldavs._tcp.billenius.com
dig +short SRV _carddavs._tcp.billenius.com
dig +short TXT _caldavs._tcp.billenius.com
dig +short TXT _carddavs._tcp.billenius.com

Current Limitation

The standards-based discovery in this repo is good enough for:

  • Thunderbird mail autodiscovery
  • DAV discovery for many clients
  • manual but short setup flows on iOS and Thunderbird

It is not enough to guarantee that:

  • Thunderbird's mail wizard will also attach calendars and contacts automatically
  • iOS will provision mail, contacts, and calendars in one combined login flow

For that, the next likely improvement is an Apple mobileconfig profile and, if needed, client-specific setup documentation.

Reference in New Issue View Git Blame Copy Permalink