Skip to main content

WordPress WAF blocking IPs due to 404 errors of autodiscover/autodiscover.xml

Problem:

Our client is using Microsoft 365 and Outlook 365 (similar Microsoft e-mail clients) will try to access the following URL during configuration:

https://domain.com/autodiscover/autodiscover.xml

This has created a large amount of 404 errors and may result WordPress WAF (such as iThemes Security) to block the IPs.

Diagnosis:

The root cause for this is the standard behavior of Microsoft e-mail clients trying to look for the correct server.

Here's an explanation of the process, provided by Microsoft support technician Martin Xu:

The reason is you create CNAME in your host provider and re-point your Autodiscover service to xxx.outlook.com. The testing tool will follow the default process to test the connection. First it will find the original domain to test whether autodiscover can pass, and then will test autodiscover.yourdomain.com. Finally it will check whether there are some CNAME setting for you domain to re-point autodiscover.

If you are using xyz@yourdomain.com, the primary SMTP domain is yourdomain.com. It will first check the primary SMTP domain, then check the secondary Autodiscover service URL https://autodiscover.yourdomain.com/autodiscover/autodiscover.xml. For more information about how the Autodiscover Service Work you can refer to: http://technet.microsoft.com/en-us/library/bb124251.aspx#works.

Solution:

Under the webserver (NginX for example), add a 204 no content response instead of generating 404 error

location ~* ^/autodiscover/autodiscover.xml$ {

return 204;

}

Comments

Post a Comment

Popular posts from this blog

ISPConfig / Pure-FTP / SSL (TLS) setup

ISPConfig comes with LetsEncrypt integrated in its panel for web domains. However, it does not automatically use the SSL cert for FTP service (PureFTP). This post describes the steps to enable the support. 1. We need an FQDN so that Lets Encrypt (LE) will be able to generate SSL under ISPConfig panel. 2. PureFTP TLS support requires a cert in .pem format which can be generated by leveraging the LE cert generated: cat /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/letsencrypt/live/mydomain.com/fullchain.pem > /etc/ssl/private/pure-ftpd.pem 3. Restart PureFTP so that it will not use the new certificate 4. LE certificates need to be renewed regularly so it is necessary to create a cron job to keep the .pem file updated. Setup a crontab 0 6 * * * /etc/letsencrypt/certbot-auto -n renew --quiet --no-self-upgrade && cat /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/letsencrypt/live/mydomain.com/fullchain.pem > /etc/ssl/private/pure-ftpd.pem && se...
Post a Comment
Read more

ISPConfig 3 / Mail / Custom mail filter recipe

Recently trying to setup a mail re-direct (or a cc) to an external e-mail address. It is important to first determine if you are running courier or dovecot because the syntax is different. Under dovecot, it should be in sieve syntax. Therefore, under ISPConfig3 -> Email -> Email Mailbox -> Custom Rules, enter: redirect "mail@example.com"; Ensure it is double straight quotes and semi-colon at the end. Wait until the update is done (usually a few minutes) via the cron jobs of ISPConfig3 updating the /var/vmail/domain/username/.sieve
Post a Comment
Read more

Ubuntu 16.04 and ISPConfig 3.1 - stopping ClamAV

ClamAV requires quite a bit of resources to run in the background and this usually slows down the mail delivery. In the ISPConfig 3 (Under Perfect Server setup), clamAV is run within Amavis. Therefore, typical removal of clamAV commands will not remove it. When RAM is really low, Linux kills amavis and this will cause mail not being delivered. Therefore, if we run amavis to manage anti-virus and spam, consider a minimum of 2G or 4G RAM VM/Cloud servers. The steps to disable clamav and amavisd are: (1) edit postfix conf - note amavis uses a special port 10024 and 10026. Therefore, if you are not using these ports, consider closing them in your firewall settings. nano /etc/postfix/main.cf # content_filter = amavis:[127.0.0.1]:10024 # receive_override_options = no_address_mappings (2) Under ISPConfig 3.1, comment additional 2 lines nano /etc/postfix/tag_as_foreign.re # /^/ FILTER amavis:[127.0.0.1]:10024 nano /etc/postfix/tag_as_originating.re # /^/ FILTER amavi...
1 comment
Read more