diff --git a/conf/nginx.conf b/conf/nginx.conf
index db1a38a2..eb9a6335 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -53,6 +53,20 @@ server {
 		fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock;
 	}
 
+	# Microsoft Exchange autodiscover.xml for email
+	location /autodiscover/autodiscover.xml {
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-exchange-autodiscover.php;
+		fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock;
+	}
+
+	# Z-Push (Microsoft Exchange ActiveSync)
+	location /Microsoft-Server-ActiveSync {
+	        include /etc/nginx/fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
+		fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock;
+	}
+
 	# ADDITIONAL DIRECTIVES HERE
 }
 
diff --git a/setup/web.sh b/setup/web.sh
index 2aad8d05..8366bef7 100755
--- a/setup/web.sh
+++ b/setup/web.sh
@@ -36,9 +36,14 @@ rm -f /etc/init.d/php-fastcgi
 ln -s $(pwd)/conf/phpfcgi-initscript /etc/init.d/php-fastcgi
 update-rc.d php-fastcgi defaults
 
-# Put our webfinger server script into a well-known location.
-cp tools/webfinger.php /usr/local/bin/mailinabox-webfinger.php
-chown www-data.www-data /usr/local/bin/mailinabox-webfinger.php
+# Put our webfinger and Exchange autodiscover.xml server scripts
+# into a well-known location.
+for f in webfinger exchange-autodiscover; do
+	cp tools/$f.php /usr/local/bin/mailinabox-$f.php
+	chown www-data.www-data /usr/local/bin/mailinabox-$f.php
+done
+
+# Make some space for users to customize their webfinger responses.
 mkdir -p $STORAGE_ROOT/webfinger/acct;
 chown -R $STORAGE_USER $STORAGE_ROOT/webfinger
 
diff --git a/setup/zpush.sh b/setup/zpush.sh
new file mode 100755
index 00000000..a7347eb3
--- /dev/null
+++ b/setup/zpush.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+#
+# Z-Push: The Microsoft Exchange protocol server.
+# Mostly for use on iOS which doesn't support IMAP.
+#
+# Although Ubuntu ships Z-Push (as d-push) it has a dependency on Apache
+# so we won't install it that way.
+#
+# Thanks to http://frontender.ch/publikationen/push-mail-server-using-nginx-and-z-push.html.
+
+source setup/functions.sh # load our functions
+source /etc/mailinabox.conf # load global vars
+
+# Prereqs.
+
+apt_install \
+	php-soap php5-imap
+
+php5enmod imap
+
+# Copy Z-Push into place.
+
+if [ ! -d /usr/local/lib/z-push ]; then
+	ZPUSH=z-push-2.1.3-1892
+	wget -O /tmp/zpush.tgz http://download.z-push.org/final/2.1/$ZPUSH.tar.gz
+	tar -C /tmp -zxf /tmp/zpush.tgz
+	mv /tmp/$ZPUSH /usr/local/lib/z-push
+	ln -s /usr/local/lib/z-push/z-push-admin.php /usr/sbin/z-push-admin
+	ln -s /usr/local/lib/z-push/z-push-top.php /usr/sbin/z-push-top
+	rm /tmp/zpush.tgz;
+fi
+
+# Configure. Tell is to connect to email via IMAP using SSL. Since we connect on
+# localhost, the certificate won't match (it may be self-signed and invalid anyway)
+# so don't check the cert.
+sed -i "s/define('BACKEND_PROVIDER', .*/define('BACKEND_PROVIDER', 'BackendIMAP');/" /usr/local/lib/z-push/config.php
+#sed -i "s/define('IMAP_SERVER', .*/define('IMAP_SERVER', '$PRIMARY_HOSTNAME');/" /usr/local/lib/z-push/backend/imap/config.php
+sed -i "s/define('IMAP_PORT', .*/define('IMAP_PORT', 993);/" /usr/local/lib/z-push/backend/imap/config.php
+sed -i "s/define('IMAP_OPTIONS', .*/define('IMAP_OPTIONS', '\/ssl\/norsh\/novalidate-cert');/" /usr/local/lib/z-push/backend/imap/config.php
+
+
+# Some directories it will use.
+
+mkdir -p /var/log/z-push
+mkdir -p /var/lib/z-push
+chmod 750 /var/log/z-push
+chmod 750 /var/lib/z-push
+chown www-data:www-data /var/log/z-push
+chown www-data:www-data /var/lib/z-push
+
+# Restart service.
+
+service php-fastcgi restart
+
diff --git a/tools/exchange-autodiscover.php b/tools/exchange-autodiscover.php
new file mode 100755
index 00000000..77b0b966
--- /dev/null
+++ b/tools/exchange-autodiscover.php
@@ -0,0 +1,92 @@
+<?php
+	// Parse our configuration file to get the PRIMARY_HOSTNAME.
+	$PRIMARY_HOSTNAME = NULL;
+	foreach (file("/etc/mailinabox.conf") as $line) {
+		$line = explode("=", rtrim($line), 2);
+		if ($line[0] == "PRIMARY_HOSTNAME") {
+			$PRIMARY_HOSTNAME = $line[1];
+		}
+	}
+	if ($PRIMARY_HOSTNAME == NULL) exit("no PRIMARY_HOSTNAME");
+
+	// We might get two kinds of requests.
+	$post_body = file_get_contents('php://input');
+	preg_match('/<AcceptableResponseSchema>(.*?)<\/AcceptableResponseSchema>/', $post_body, $match);
+	$AcceptableResponseSchema = $match[1];
+
+	if ($AcceptableResponseSchema == "http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006") {
+		// There is no way to convey the user's login name with this?
+		?>
+<?xml version="1.0" encoding="utf-8"?>
+<Autodiscover
+xmlns:autodiscover="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
+    <autodiscover:Response>
+        <autodiscover:Action>
+            <autodiscover:Settings>
+                <autodiscover:Server>
+                    <autodiscover:Type>MobileSync</autodiscover:Type>
+                    <autodiscover:Url>https://<?php echo $PRIMARY_HOSTNAME ?></autodiscover:Url>
+                    <autodiscover:Name>https://<?php echo $PRIMARY_HOSTNAME ?></autodiscover:Name>
+                </autodiscover:Server>
+            </autodiscover:Settings>
+        </autodiscover:Action>
+    </autodiscover:Response>
+</Autodiscover>
+<?php
+	} else {
+
+	// I don't know when this is actually used. I implemented this before seeing that
+	// it is not what my phone wanted.
+
+	// Parse the email address out of the POST request, which
+	// we pass back as the login name.
+	preg_match('/<EMailAddress>(.*?)<\/EMailAddress>/', $post_body, $match);
+	$LOGIN = $match[1];
+
+	header("Content-type: text/xml");
+?>
+<?xml version="1.0" encoding="utf-8" ?>
+<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
+	<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
+		<ServiceHome>https://<?php echo $PRIMARY_HOSTNAME ?></ServiceHome>
+		<Account>
+			<AccountType>email</AccountType>
+			<Action>settings</Action>
+
+			<Protocol>
+				<Type>IMAP</Type>
+				<Server><?php echo $PRIMARY_HOSTNAME ?></Server>
+				<Port>993</Port>
+				<SSL>on</SSL>
+				<LoginName><?php echo $LOGIN ?></LoginName>
+			</Protocol>
+
+			<Protocol>
+				<Type>SMTP</Type>
+				<Server><?php echo $PRIMARY_HOSTNAME ?></Server>
+				<Port>587</Port>
+				<SSL>on</SSL>
+				<LoginName><?php echo $LOGIN ?></LoginName>
+			</Protocol>
+
+			<Protocol>
+				<Type>DAV</Type>
+				<Server>https://<?php echo $PRIMARY_HOSTNAME ?></Server>
+				<SSL>on</SSL>
+				<DomainRequired>on</DomainRequired>
+				<LoginName><?php echo $LOGIN ?></LoginName>
+			</Protocol>
+
+			<Protocol>
+				<Type>WEB</Type>
+				<Server>https://<?php echo $PRIMARY_HOSTNAME ?>/mail</Server>
+				<SSL>on</SSL>
+			</Protocol>
+		</Account>
+	</Response>
+</Autodiscover>
+
+	<?php
+	}
+	?>
+