diff --git a/roles/web/files/certs b/roles/web/files/certs
index 7181b3d..10a9833 100644
--- a/roles/web/files/certs
+++ b/roles/web/files/certs
@@ -14,6 +14,20 @@ www.binary-kitchen.de binary-kitchen.de www.binary.kitchen binary.kitchen:
 format: key
 action: '/usr/sbin/service nginx restart'
 
+autoconfig.binary-kitchen.de:
+- path: /etc/nginx/ssl/autoconfig.binary-kitchen.de.crt
+ user: root
+ group: root
+ perm: '400'
+ format: crt,ca
+ action: '/usr/sbin/service nginx restart'
+- path: /etc/nginx/ssl/autoconfig.binary-kitchen.de.key
+ user: root
+ group: root
+ perm: '400'
+ format: key
+ action: '/usr/sbin/service nginx restart'
+
 www.ccc-r.de:
 - path: /etc/nginx/ssl/www.ccc-r.de.crt
 user: root
diff --git a/roles/web/files/vhost b/roles/web/files/vhost
index c6e4274..2a7c021 100644
--- a/roles/web/files/vhost
+++ b/roles/web/files/vhost
@@ -85,6 +85,36 @@ server {
 }
 }
 
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name autoconfig.binary-kitchen.de;
+
+ location /.well-known/acme-challenge {
+ default_type "text/plain";
+ alias /var/www/acme-challenge;
+ }
+
+ location / {
+ return 301 https://autoconfig.binary-kitchen.de$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name autoconfig.binary-kitchen.de;
+
+ ssl_certificate_key /etc/nginx/ssl/autoconfig.binary-kitchen.de.key;
+ ssl_certificate /etc/nginx/ssl/autoconfig.binary-kitchen.de.crt;
+
+ root /var/www/autconfig;
+
+ default_type text/html;
+}
+
 server {
 listen 80;
 listen [::]:80;
diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml
index f02eef6..f2976ad 100644
--- a/roles/web/tasks/main.yml
+++ b/roles/web/tasks/main.yml
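Review bot: The TLS server block in the vhost hunk sets `root /var/www/autconfig;`, but the tasks in this commit create `/var/www/autoconfig` and place `config-v1.1.xml` under `/var/www/autoconfig/mail/`, so the new vhost would not serve the file that is provisioned; the line should read `root /var/www/autoconfig;`. Separately, `location /.well-known/acme-challenge` and its `alias /var/www/acme-challenge` have no trailing slash, so the prefix also matches any request path that merely begins with that string and maps it to a sibling of the challenge directory under `/var/www`. Writing it as `location /.well-known/acme-challenge/ {` with `alias /var/www/acme-challenge/;` pins the mapping to the one directory.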
@@ -8,13 +8,23 @@
 - php-sqlite3
 - php-xml
 
-- name: Create vhost directory
- file: path=/var/www/kitchen state=directory owner=www-data group=www-data
+- name: Create vhost directories
+ file: path=/var/www/{{ item }} state=directory owner=www-data group=www-data
+ with_items:
+ - autoconfig
+ - autoconfig/mail
+ - ccc-r
+ - makerspace-regensburg
+ - kitchen
 
 - name: Ensure (BK) certificates are available
 command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.binary-kitchen.de.key -out /etc/nginx/ssl/www.binary-kitchen.de.crt -days 730 -subj "/CN=www.binary-kitchen.de" creates=/etc/nginx/ssl/www.binary-kitchen.de.crt
 notify: Restart nginx
 
+- name: Ensure (BK autodiscover) certificates are available
+ command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/autoconfig.binary-kitchen.de.key -out /etc/nginx/ssl/autoconfig.binary-kitchen.de.crt -days 730 -subj "/CN=autoconfig.binary-kitchen.de" creates=/etc/nginx/ssl/autoconfig.binary-kitchen.de.crt
+ notify: Restart nginx
+
 - name: Ensure (CCC-R) certificates are available
 command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.ccc-r.de.key -out /etc/nginx/ssl/www.ccc-r.de.crt -days 730 -subj "/CN=www.ccc-r.de" creates=/etc/nginx/ssl/www.ccc-r.de.crt
 notify: Restart nginx
@@ -23,6 +33,9 @@
 command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.makerspace-regensburg.de.key -out /etc/nginx/ssl/www.makerspace-regensburg.de.crt -days 730 -subj "/CN=www.makerspace-regensburg.de" creates=/etc/nginx/ssl/www.makerspace-regensburg.de.crt
 notify: Restart nginx
 
+- name: Place Thunderbird autoconfig file
+ template: src=auto_mail.xml.j2 dest=/var/www/autoconfig/mail/config-v1.1.xml
+
 - name: Configure certificate manager
 copy: src=certs dest=/etc/acertmgr/www.binary-kitchen.de.conf
 notify: Run acertmgr
diff --git a/roles/web/templates/auto_mail.xml.j2 b/roles/web/templates/auto_mail.xml.j2
new file mode 100644
index 0000000..d91cff2
--- /dev/null
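Review bot: The `autoconfig` and `autoconfig/mail` directories are created with `owner=www-data group=www-data`, so the account the web stack presumably runs as can replace `config-v1.1.xml`. Mail clients trust that file for server hostnames, so it should not be writable by anything that handles web requests. These two directories would be better in their own task with `file: path=/var/www/{{ item }} state=directory owner=root group=root mode=0755`. The template task in the second hunk of this file sets no owner or mode either; `owner=root group=root mode=0644` there makes the intent explicit.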
+++ b/roles/web/templates/auto_mail.xml.j2
@@ -0,0 +1,41 @@
+
+
+
+
+ {{ mail_domain }}
+ Binary Kitchen
+ Binary Kitchen
+
+ {{ mail_server }}
+ 993
+ SSL
+ password-encrypted
+ %EMAILLOCALPART%
+
+
+ {{ mail_server }}
+ 143
+ STARTTLS
+ password-encrypted
+ %EMAILLOCALPART%
+
+
+ {{ mail_server }}
+ 465
+ SSL
+ password-encrypted
+ %EMAILLOCALPART%
+
+
+ {{ mail_server }}
+ 587
+ STARTTLS
+ password-encrypted
+ %EMAILLOCALPART%
+
+
+ Beschreibung der Einstellungen
+ Generic settings description
+
+
+
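Review bot: All four server entries use `password-encrypted`, which in the Thunderbird autoconfig format selects CRAM-MD5/DIGEST-MD5 rather than a password sent inside the TLS session. Those mechanisms need the server to keep passwords in a recoverable or mechanism-specific form, and a server that stores salted hashes will not offer them, so clients configured from this file may fail to log in; the mail server's SASL setup is not part of this diff, so confirm which case applies. Since every entry already requires `SSL` or `STARTTLS`, `password-cleartext` is the usual value here. The element tags are not visible in this rendering of the hunk, so this assumes the value belongs to the `authentication` element.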