diff --git a/bundles/mailserver-autoconfig/README.md b/bundles/mailserver-autoconfig/README.md
new file mode 100644
index 0000000..38bf776
--- /dev/null
+++ b/bundles/mailserver-autoconfig/README.md
@@ -0,0 +1,3 @@
+test autodiscover.php:
+
+`curl -X POST https://autoconfig.mail.example.com/Autodiscover/Autodiscover.xml -d '<EMailAddress>test@example.com</EMailAddress>'`
diff --git a/bundles/mailserver-autoconfig/files/autodiscover.php b/bundles/mailserver-autoconfig/files/autodiscover.php
new file mode 100644
index 0000000..1134fac
--- /dev/null
+++ b/bundles/mailserver-autoconfig/files/autodiscover.php
@@ -0,0 +1,83 @@
+<?php
+
+// https://raw.githubusercontent.com/Radiergummi/autodiscover/master/autodiscover/autodiscover.php
+
+/********************************
+ * Autodiscover responder
+ ********************************
+ * This PHP script is intended to respond to any request to http(s)://mydomain.com/autodiscover/autodiscover.xml.
+ * If configured properly, it will send a spec-complient autodiscover XML response, pointing mail clients to the
+ * appropriate mail services.
+ * If you use MAPI or ActiveSync, stick with the Autodiscover service your mail server provides for you. But if 
+ * you use POP/IMAP servers, this will provide autoconfiguration to Outlook, Apple Mail and mobile devices.
+ *
+ * To work properly, you'll need to set the service (sub)domains below in the settings section to the correct 
+ * domain names, adjust ports and SSL.
+ */
+
+//get raw POST data so we can extract the email address
+$request = file_get_contents("php://input");
+
+// optional debug log
+# file_put_contents( 'request.log', $request, FILE_APPEND );
+
+// retrieve email address from client request
+preg_match( "/\<EMailAddress\>(.*?)\<\/EMailAddress\>/", $request, $email );
+
+// check for invalid mail, to prevent XSS
+if (filter_var($email[1], FILTER_VALIDATE_EMAIL) === false) {
+	throw new Exception('Invalid E-Mail provided');
+}
+
+// get domain from email address
+$domain = substr( strrchr( $email[1], "@" ), 1 );
+
+/**************************************
+ *   Port and server settings below   *
+ **************************************/
+
+// IMAP settings
+$imapServer = 'imap.' . $domain; // imap.example.com
+$imapPort   = 993;
+$imapSSL    = true;
+
+// SMTP settings
+$smtpServer = 'smtp.' . $domain; // smtp.example.com
+$smtpPort   = 587;
+$smtpSSL    = true;
+
+//set Content-Type
+header( 'Content-Type: application/xml' );
+?>
+<?php echo '<?xml version="1.0" encoding="utf-8" ?>'; ?>
+<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
+	<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
+		<Account>
+			<AccountType>email</AccountType>
+			<Action>settings</Action>
+			<Protocol>
+			<Protocol>
+				<Type>IMAP</Type>
+				<Server><?php echo $imapServer; ?></Server>
+				<Port><?php echo $imapPort; ?></Port>
+				<DomainRequired>off</DomainRequired>
+				<LoginName><?php echo $email[1]; ?></LoginName>
+				<SPA>off</SPA>
+				<SSL><?php echo $imapSSL ? 'on' : 'off'; ?></SSL>
+				<AuthRequired>on</AuthRequired>
+			</Protocol>
+			<Protocol>
+				<Type>SMTP</Type>
+				<Server><?php echo $smtpServer; ?></Server>
+				<Port><?php echo $smtpPort; ?></Port>
+				<DomainRequired>off</DomainRequired>
+				<LoginName><?php echo $email[1]; ?></LoginName>
+				<SPA>off</SPA>
+				<SSL><?php echo $smtpSSL ? 'on' : 'off'; ?></SSL>
+				<AuthRequired>on</AuthRequired>
+				<UsePOPAuth>on</UsePOPAuth>
+				<SMTPLast>on</SMTPLast>
+			</Protocol>
+		</Account>
+	</Response>
+</Autodiscover>
diff --git a/bundles/mailserver-autoconfig/files/config-v1.1.xml b/bundles/mailserver-autoconfig/files/config-v1.1.xml
new file mode 100644
index 0000000..a044635
--- /dev/null
+++ b/bundles/mailserver-autoconfig/files/config-v1.1.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0"?>
+<clientConfig version="1.1">
+  <!-- Outgoing Server -->
+  <emailProvider id="${mailserver}">
+
+    <!-- Hosted Domains -->
+
+    <domain>${mailserver}</domain>
+    <displayName>${mailserver}</displayName>
+    <displayShortName>${mailserver}</displayShortName>
+
+    <!-- Incoming Mail Servers -->
+
+    <incomingServer type="imap">
+      <hostname>${mailserver}</hostname>
+      <port>993</port>
+      <socketType>SSL</socketType>
+      <authentication>password-cleartext</authentication>
+      <username>%EMAILADDRESS%</username>
+    </incomingServer>
+
+    <incomingServer type="imap">
+      <hostname>${mailserver}</hostname>
+      <port>143</port>
+      <socketType>STARTTLS</socketType>
+      <authentication>password-cleartext</authentication>
+      <username>%EMAILADDRESS%</username>
+    </incomingServer>
+
+    <!-- Outgoing Mail Servers -->
+
+    <outgoingServer type="smtp">
+      <hostname>${mailserver}</hostname>
+      <port>465</port>
+      <socketType>SSL</socketType>
+      <authentication>password-cleartext</authentication>
+      <username>%EMAILADDRESS%</username>
+    </outgoingServer>
+
+    <outgoingServer type="smtp">
+      <hostname>${mailserver}</hostname>
+      <port>587</port>
+      <socketType>STARTTLS</socketType>
+      <authentication>password-cleartext</authentication>
+      <username>%EMAILADDRESS%</username>
+    </outgoingServer>
+
+    <!-- Documentation -->
+
+    <documentation url="http://www.example.com/help/mail/thunderbird">
+      <descr lang="en">Configure Thunderbird 2.0 for IMAP</descr>
+      <descr lang="de">Thunderbird 2.0 mit IMAP konfigurieren</descr>
+    </documentation>
+
+  </emailProvider>
+  <clientConfigUpdate url="https://${autoconfig}/mail/config-v1.1.xml" />
+</clientConfig>
diff --git a/bundles/mailserver-autoconfig/items.py b/bundles/mailserver-autoconfig/items.py
new file mode 100644
index 0000000..8dd667c
--- /dev/null
+++ b/bundles/mailserver-autoconfig/items.py
@@ -0,0 +1,16 @@
+autoconfig_hostname = node.metadata.get('mailserver/autoconfig_hostname')
+
+files = {
+    f'/var/www/{autoconfig_hostname}/mail/config-v1.1.xml': {
+        'content_type': 'mako',
+        'context': {
+            'mailserver': node.metadata.get('mailserver/hostname'),
+            'autoconfig': autoconfig_hostname,
+        },
+        'owner': 'www-data',
+    },
+    f'/var/www/{autoconfig_hostname}/autodiscover/autodiscover.php': {
+        'content_type': 'mako',
+        'owner': 'www-data',
+    },
+}
diff --git a/bundles/mailserver-autoconfig/metadata.py b/bundles/mailserver-autoconfig/metadata.py
new file mode 100644
index 0000000..b943c74
--- /dev/null
+++ b/bundles/mailserver-autoconfig/metadata.py
@@ -0,0 +1,78 @@
+defaults = {}
+
+
+@metadata_reactor.provides(
+    'mailserver/autoconfig_hostname',
+)
+def hostname(metadata):
+    return {
+        'mailserver': {
+            'autoconfig_hostname': f"autoconfig.{metadata.get('mailserver/hostname')}",
+        },
+    }
+
+
+@metadata_reactor.provides(
+    'nginx/vhosts',
+)
+def nginx(metadata):
+    return {
+        'nginx': {
+            'vhosts': {
+                metadata.get('mailserver/autoconfig_hostname'): {
+                    'content': 'mailserver-autodiscover/vhost.conf',
+                    'context': {
+                        'root': f"/var/www/{metadata.get('mailserver/autoconfig_hostname')}",
+                    },
+                },
+            },
+        },
+    }
+
+
+@metadata_reactor.provides(
+    'letsencrypt/domains',
+)
+def letsencrypt(metadata):
+    return {
+        'letsencrypt': {
+            'domains': {
+                metadata.get('mailserver/autoconfig_hostname'): {
+                    'aliases': {
+                        *{
+                            f'autoconfig.{domain}'
+                                for domain in metadata.get('mailserver/domains')
+                        },
+                        *{
+                            f'autodiscover.{domain}'
+                                for domain in metadata.get('mailserver/domains')
+                        },
+                    },
+                },
+            },
+        },
+    }
+
+
+@metadata_reactor.provides(
+    'dns',
+)
+def autoconfig(metadata):
+    dns = {}
+    
+    for domain in metadata.get('mailserver/domains'):
+        dns.update({
+            f'autoconfig.{domain}': {
+                'CNAME': {f"{metadata.get('mailserver/autoconfig_hostname')}."},
+            },
+            f'_autodiscover._tcp.{domain}': {
+                'SRV': {f"10 10 443 {metadata.get('mailserver/autoconfig_hostname')}."},
+            },
+            f'autodiscover.{domain}': {
+                'CNAME': {f"{metadata.get('mailserver/autoconfig_hostname')}."},
+            },
+        })
+    
+    return {
+        'dns': dns,
+    }
diff --git a/data/mailserver-autodiscover/vhost.conf b/data/mailserver-autodiscover/vhost.conf
new file mode 100644
index 0000000..12f36a9
--- /dev/null
+++ b/data/mailserver-autodiscover/vhost.conf
@@ -0,0 +1,16 @@
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name ${server_name};
+
+    ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
+    ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
+
+    root ${root};
+    
+    location ~ /(?:a|A)utodiscover/(?:a|A)utodiscover.xml {
+        try_files /autodiscover/autodiscover.php =404;
+        fastcgi_pass php-handler;
+        include fastcgi.conf;
+    }
+}
diff --git a/groups/applications/mailserver.py b/groups/applications/mailserver.py
index 8025893..f37cfbc 100644
--- a/groups/applications/mailserver.py
+++ b/groups/applications/mailserver.py
@@ -4,6 +4,7 @@
         'dovecot',
         'letsencrypt',
         'mailserver',
+        'mailserver-autoconfig',
         'nginx',
         'php',
         'postfix',