Configure email account via QR code

I have my own private mail server, and I can generate available email accounts at will. I wrote a simple program to complete the configuration and login of the email account through the QR code.
It is essentially migrating email accounts, the only difference is that it does not include user data, only the most basic configuration information.

principle:

  1. This program directly modifies the initial database generated by Delta Chat (including username; email address; password; server configuration; avatar, etc.);
  2. Send a request to the mail server to generate an email account, package the database as a TAR file, upload it to the HTTP server, and get the download link of this file;
  3. Convert the link to a QR code and display it on the screen;
  4. The user downloads this file to /storage/emulated/0/sdcard by scanning the QR code on the screen on the mobile phone;
  5. The user uses the “Import Backup” function of Delta Chat to import this file.

This program solves the following problems:
The process of manually configuring the mail server is omitted.

This program cannot solve the following problems:
Different users use different browsers, and the default download paths of these browsers may also be different. If Delta Chat cannot find a backup in /storage/emulated/0/sdcard, you need to manually move to this path.
This program cannot be used to back up user data, which means it is only for new users.

i dont really get what does it do.
does not mozilla-style autoconfig xml satisfy the initial MUA config?
why can not the mail server auto-create the mailbox when the user first logs in? does to client-side app do some security measure to prevent anyone create a mailbox?

It exists only to meet specific needs. In addition:
a) I have never heard of autoconfig, and I don’t know how to use autoconfig in Delta Chat.
b) The mail server does not provide a method for external registration, and the generation of an account can only be done by the administrator.
c) In order to prevent malicious registration, this program is only owned and used by the administrator.

a) it’s a standard followed by many MUA (incl. DC) to auto config smtp/imap settings based on email domain. user have to enter his email address and the settings are auto filled. see Thunderbird:Autoconfiguration:ConfigFileFormat - MozillaWiki

b) which mail server software is it? most free software programs can be extended to align with the user’s (administrator’s) needs. eg. i use exim4 which calls out to PAM (authn/authz layer in linux) to auto-create mailboxes if needed.

c) so if i understand correctly this helper program has some sort of auth token in order to prove its authority to initiate mailbox creation, so users should not obtain/distribute/look into it, altough they have to run it on their devices in order to set their DC client up. how do users practice their essential software freedoms then (eg. right to study, verify the program’s benevolence) ?

b) “poste.io” free version, for Docker.
c) It is just a prototype that can achieve its purpose and does not use “tokens”. In theory, anyone who owns this program can generate an account on the premise that it can access the Internet. At this point, it does not have any security, so this program does not It will be published online to ensure that only I own it. Users can only obtain the QR code generated by it. I will not deprive these users of their rights. On the contrary, these users I face will simply use their mobile phones, but learn The ability is too low for you to imagine. They don’t even know how to spell my mail server domain name correctly. With this condition, the QR code is the only solution that can quickly achieve the goal. Regarding the path of the TAR file in the phone’s memory, this is also a problem . If I’m not by their side, they won’t even be able to solve it by themselves.

DC seems to support account configuration via QR code. see: mailadm: managing token-based temporary e-mail accounts — mailadm 1.0.0 documentation
this docs talks about temporary accounts, but it has not to be.
you can generate a QR code containing an url which yields back an mailbox config. it’s more or less the same as your workflow. you only need to give QR codes to the users and have a server side script create mailboxes.

see also here [Manual] QR code (tips and tricks), and bugs?

Mailadm needs to be configured, and my mail server is on the Synology NAS. My personal data is stored on the NAS, and I don’t want to lose data due to additional configuration operations.

mailadmin is just one of example which implements this qr-account-config method, but not strongly connected. you dont have to install mailadmin at all. i’ve just now implemented a perl script-based workflow to generate new mailbox and display QR code for users.

the only things needed are:

  • qr code encoding DCACCOUNT:<url>
  • server code behind the <url> generating mailbox and outputs {"email":"…","password":"…"}
  • this DCACCOUNT schema sadly does not support imap/smtp configs yet, so you’ll need mozilla-style autoconfig xml as well OR rely on DC’s config discovery heuristics.
  • optionally additional security checks may be put in url paramters and in server code

if i understood your workflow correctly you already manage email accounts on the server side programmatically, so i imagine qr-account-config would not involve much more level of customization than your tar-file-based one. as a result, users won’t have to handle file download and manual import.

It’s really unfortunate. My server happens to use non-standard SMTP and IMAP ports.

i see but dont worry, can you publish autoconfig xml in your email domain’s website, or in https://autoconfig.<domain>? if so then DC picks up imap/smtp ports from there.

I can publish xml, but I cannot enable domain names like “autoconfig.example.com” as required. Because the domain name currently in use is a highly restricted subdomain. It can only be like “http://myname.example.com:7890/autoconfig.xml

not having access to autoconfig.<domain> is not a blocker, you are good to go to put xml on myname.example.com as long as your email domain is also myname.example.com. however missing https or custom web port number probably a blocker.

Well, my server uses home broadband, 80; 443 and some common ports have been banned by ISP. The domain name comes from DDNS service provider, there are many restrictions.

we should really extend the DCACCOUNT: Schema to allow providing all required configuration options, and possibly support also parsing and using apples mobileconfig format for setting up accounts / logging in.

At best we should also also have a qr code uri schema that supports setting all of these values inside of the qr code.

PS: @974F7BB1D254 cool that you made something to work around the current restrictions of the login to account from qr code feature of deltachat by using the import backup function.

This program is a product of last resort.I have found that the function of configuring the account and logging in through the QR code has related discussions, but the available functions have never appeared.