You are not logged in.

#1 2017-03-03 03:14:10

ljshap
Member
From: Ossining, NY
Registered: 2008-01-23
Posts: 160

Thunderbird and Yahoo or Gmail

Is anybody else having problems accessing their Yahoo or GMail accounts using Thunderbird.

This problem has only occured in the last week or two and applies to Yahoo, GMail and outlook.  Thunderbird is still working for primary EMail account, so I don't know if its a thunderbird issue or whether all three companies updated their security policies.
I know that Yahoo in the name of "updated security" is blocking "less secure" clients, which I assume is an excuse for forcing people to use their ad-infected crap. Yahoo also seems to have disabled mail fowarding
which would have been a good workaround for backing up Yahoo mail.


Thanks


Live Free or Die !

Offline

#2 2017-03-03 03:20:55

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,354

Re: Thunderbird and Yahoo or Gmail

POP+SMTP or IMAP?


Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#3 2017-03-03 03:56:33

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,740

Re: Thunderbird and Yahoo or Gmail

Gmail and Thunderbird, no issues -- including signing and encryption via GPG.  Is Yahoo still around?  All know is they won't deliver our forum email and won't respond to inquiries as to why; I thought they had ceased to exist.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#4 2017-03-03 12:39:40

ljshap
Member
From: Ossining, NY
Registered: 2008-01-23
Posts: 160

Re: Thunderbird and Yahoo or Gmail

ngoonee wrote:

POP+SMTP or IMAP?

I was using IMAP, but I also tried POP with no success.


Live Free or Die !

Offline

#5 2017-03-03 13:04:10

ljshap
Member
From: Ossining, NY
Registered: 2008-01-23
Posts: 160

Re: Thunderbird and Yahoo or Gmail

ewaller wrote:

Gmail and Thunderbird, no issues -- including signing and encryption via GPG.  Is Yahoo still around?  All know is they won't deliver our forum email and won't respond to inquiries as to why; I thought they had ceased to exist.

I believe Yahoo is still in the process of being sold to Verizon which took a detour after Yahoo's security problems became public.  Yahoo had really been a great resource int the 1990's but sadly has changed for the worse.  What can you say about a company that blocks mail fowarding:  $@$*$* !

For increased security I tried installing thunderbird-enigmail, which failed due to: "One or more PGP signatures could not be verified!"

Thanks


Live Free or Die !

Offline

#6 2017-03-03 13:17:37

seth
Member
Registered: 2012-09-03
Posts: 50,012

Re: Thunderbird and Yahoo or Gmail

you need to allow "insecure" clients on gmail as well:
http://www.ghacks.net/2014/07/21/gmail- … le-access/

But thunderbird should receive and post a message from gmail (incl. a link on the topic)

@ewaller, google "yahoo DMARC" - luckily yahoo is now as good as dead ...

Offline

#7 2017-03-03 14:53:29

ljshap
Member
From: Ossining, NY
Registered: 2008-01-23
Posts: 160

Re: Thunderbird and Yahoo or Gmail

seth wrote:

you need to allow "insecure" clients on gmail as well:
http://www.ghacks.net/2014/07/21/gmail- … le-access/

But thunderbird should receive and post a message from gmail (incl. a link on the topic)

@ewaller, google "yahoo DMARC" - luckily yahoo is now as good as dead ...


Sorry, I forget to write that I had already changed to setting to allow less secure clients.  I went back and forth on that and it didn't change a thing.  I never received any EMail from Yahoo or Google other than EMails from Yahoo stating that my security settings were changed.

  The mistakes made at Yahoo the past few years have been mind boggling, and if Verizon goes ahead with the purchase it will be a marriage made in hell.  The joke is that all I'm trying to do is back up many years of email and say good riddance to a one great web site. I suspect that Yahoo is blocking all third party clients and not just less secure clients.

Thanks


Live Free or Die !

Offline

#8 2017-03-03 15:11:23

djgera
Developer
From: Buenos Aires - Argentina
Registered: 2008-12-24
Posts: 723
Website

Re: Thunderbird and Yahoo or Gmail

There is no need to enable "insecure" clients. For Thunderbird authenticate with OAuth2 protocol. And for clients that does not support OAuth2 you can still avoid enabling the "insecure" option by making a password for custom application (for example for msmtp).

Offline

#9 2017-03-03 16:14:28

seth
Member
Registered: 2012-09-03
Posts: 50,012

Re: Thunderbird and Yahoo or Gmail

The msmtp wiki says "Enable two factor authentication and create an app password" and I frankly fail to understand the implication of that.
Assuming adding more passwords (depending on the totally not fakable useragent) would any security: what does that have to do with two factor authentication, were google would like to send me SMS - or even voicecall me? for a TAN?

Have you actually done this?

Offline

#10 2017-03-04 01:33:29

ljshap
Member
From: Ossining, NY
Registered: 2008-01-23
Posts: 160

Re: Thunderbird and Yahoo or Gmail

Usually I'm way too tenacious to give up, but I've wasted too much time on this already for something that doesn't have that much importance right now.  When I finally kill my Yahoo account I won't be losing any important emails.  Thunderbird is working fine for my primary email which is what I really care about.

When I get a chance I'll take another look at configuring GMail to work with Thunderbird.  My GMail account is very low volume and nothing of great importance.

Thanks for the help

Larry


Live Free or Die !

Offline

#11 2017-03-04 11:24:09

collector1871
Member
From: Poland
Registered: 2016-12-05
Posts: 51

Re: Thunderbird and Yahoo or Gmail

Recently I noticed that I have some problems with login into gmail account.

I just re-login, clear password database and put login and password again. And it is working, no issues at this moment.


My: AUR and homepage .

Offline

#12 2017-03-05 21:35:46

infinarchy
Banned
Registered: 2016-09-19
Posts: 73

Re: Thunderbird and Yahoo or Gmail

empty

Last edited by infinarchy (2017-11-04 21:37:47)

Offline

#13 2017-03-06 01:17:03

ljshap
Member
From: Ossining, NY
Registered: 2008-01-23
Posts: 160

Re: Thunderbird and Yahoo or Gmail

infinarchy wrote:

1.500.000.000+ Yahoo! accounts got hacked in the last year.

In my opinion you shouldn't use Yahoo! at all.

I could not agree with you more!!!
The only reason I cared was to sync Thunderbird with Yahoo and backup or save all my EMail.
The next step was to migrate all registrations with my Yahoo EMail to a different EMail Address.
The final step will be to kill the Yahoo account.

I cannot even image what will happen to Yahoo if Verizon does buy it.  I have Verizon FIOS, so I know what their web and TV interfaces are like. 

PS:  Yahoo is not the only popular company I don't trust.

Thanks


Live Free or Die !

Offline

#14 2017-03-06 11:33:02

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Thunderbird and Yahoo or Gmail

djgera wrote:

There is no need to enable "insecure" clients. For Thunderbird authenticate with OAuth2 protocol. And for clients that does not support OAuth2 you can still avoid enabling the "insecure" option by making a password for custom application (for example for msmtp).

There is no such option as OAuth2 in my thunderbird, are you using it yourself?

I've been using TB+gmail here without any problems. 2FA is active on gmail and obviously I had to create app passwords and so far I've had no problems.

Edit:
Thunderbird does have the OAuth2 option, for smtp I can select it when creating a new account or change it for an existing account, however it seems I can only select it for POP/IMAP when creating a new account, it does not show on the list for an existing account.

Last edited by R00KIE (2017-03-06 12:00:02)


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#15 2017-03-06 12:13:07

Awebb
Member
Registered: 2010-05-06
Posts: 6,275

Re: Thunderbird and Yahoo or Gmail

R00KIE wrote:

Edit:
Thunderbird does have the OAuth2 option, for smtp I can select it when creating a new account or change it for an existing account, however it seems I can only select it for POP/IMAP when creating a new account, it does not show on the list for an existing account.

Albeit being my favorite software for the respective job, Thunderbird is a huge feature dripping clusterfuck.

Offline

#16 2017-03-07 04:16:32

ljshap
Member
From: Ossining, NY
Registered: 2008-01-23
Posts: 160

Re: Thunderbird and Yahoo or Gmail

All problems got solved by changing my router setting from high security to medium security, leaving all settings as they were.  I'm confused because I definitely would have noticed if the problems occurred soon after changing settings.  I know I always check to make sure that things are working after making changes.  Besides its been quite a while since I changed the router settings.   Oh Well.

Thanks for the help.

Larry


Live Free or Die !

Offline

#17 2017-03-07 04:40:32

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,354

Re: Thunderbird and Yahoo or Gmail

seth wrote:

The msmtp wiki says "Enable two factor authentication and create an app password" and I frankly fail to understand the implication of that.
Assuming adding more passwords (depending on the totally not fakable useragent) would any security: what does that have to do with two factor authentication, were google would like to send me SMS - or even voicecall me? for a TAN?

Have you actually done this?

App passwords are an alternative security path for clients which don't support 2 factor. A randomly generated password used only for that app (and labeled as such in your gmail security settings).

This reduces the threat surface because the user themselves do not write down or remember the password, and the password can only be used by that app (i.e. having that password does not, IIRC, allow login to gmail, only access to the emails themselves (which you would have access to if you crack the app using it anyway).

And you can cut off access to app passwords if you lose a device or find it's compromised. Basically much better than using one password (however complex) without 2-factor, and a pretty good in-between overall.


Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#18 2017-03-07 07:33:03

seth
Member
Registered: 2012-09-03
Posts: 50,012

Re: Thunderbird and Yahoo or Gmail

ngoonee wrote:

App passwords are an alternative security path for clients which don't support 2 factor.

Then why should I pass google my phone number to activate this?

ngoonee wrote:

This reduces the threat surface because the user themselves do not write down or remember the password

... like in ~/.msmtprc?

ngoonee wrote:

the password can only be used by that app (i.e. having that password does not, IIRC, allow login to gmail, only access to the emails themselves

I do completely see why it would make sense to have different passwords for different google services, but I could have simply offered different passwords for different google services instead of this 2F/app-password weirdness, yesno? It's not like I could not just spoof the app user agent with random tools - I can use that password with whatever I want.

ngoonee wrote:

And you can cut off access to app passwords if you lose a device or find it's compromised.

... by simply altering the password(s) - I might have somewhen passed the global password into that device for some reason anyway. And I probably just lost sth. that's logged into google entirely (so best thing is to remote-kill the device)

Sorry, this still looks a hell lot like fake-security to me (from what I've heard so far) - I just compromise another phone number (for it's not two-factor if I use the same phone for login and sms confirmation)

Offline

#19 2017-03-07 09:33:58

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,354

Re: Thunderbird and Yahoo or Gmail

seth wrote:

Then why should I pass google my phone number to activate this?

Sorry, this still looks a hell lot like fake-security to me (from what I've heard so far) - I just compromise another phone number (for it's not two-factor if I use the same phone for login and sms confirmation)

You're conflating 2-factor and app passwords. 2-factor requires a phone number (or google authenticator, or a physical tag) because the basic idea is 'something you know' + 'something you have' being safer than just 'something you know' (password).

The whole point is that having a password stolen does not compromise security. If someone steals your phone, they have the 'something' (which is your simcard, not your phone per se), which you can recover from your telco. They do not have your password hence your security is not compromised. If someone steals your password via keylogger, they do not have your simcard or phone and hence the system is not compromised.

seth wrote:

... like in ~/.msmtprc

I do completely see why it would make sense to have different passwords for different google services, but I could have simply offered different passwords for different google services instead of this 2F/app-password weirdness, yesno? It's not like I could not just spoof the app user agent with random tools - I can use that password with whatever I want.

If you have your plain text password in any text file, you should love app-specific passwords. If it's an app specific password then compromising this does not compromise the whole system, as it does not allow access to anything else than you initially allowed it for.

seth wrote:
ngoonee wrote:

And you can cut off access to app passwords if you lose a device or find it's compromised.

... by simply altering the password(s) - I might have somewhen passed the global password into that device for some reason anyway. And I probably just lost sth. that's logged into google entirely (so best thing is to remote-kill the device)

Your password is not saved in plaintext except with crappy apps and crappy setups. And remote-kill won't help you if it is, since the first thing an attacker will do is change your password, so you have now lost access to the system. You can regain it with some communication with google, but good luck in the meantime if you also use that account for banking etc.

2-factor is about as far from 'fake security' as can be, compared to relying on a single password. App-specific passwords are less secure, but using them is still better than a global password for the service.


Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#20 2017-03-07 14:05:16

seth
Member
Registered: 2012-09-03
Posts: 50,012

Re: Thunderbird and Yahoo or Gmail

I took the 2F/apppw boding  from https://wiki.archlinux.org/index.php/Ms … ctionality

2-factor is about as far from 'fake security' as can be

I didn't claim otherwise - I'm still trying to figure what the "app password" is good for.

A system which allows me to use different passwords for google, gmail, youtube ... would be great, but as it's been described to me so far (or at least as I understood it) i'd have to activate 2F *also* in order to have individual passwords for individual user agents, which  would be just illusion or better security (or usability)

And I'd certainly not want to use actual 2F authentication w/ msmtp or mutt or something, because no sane being enters a password everytime sending a mail ;-)

Offline

#21 2017-03-27 19:39:55

bandreabis
Member
Registered: 2017-03-27
Posts: 1

Re: Thunderbird and Yahoo or Gmail

A quick question:
your DNS? Once I used Google ones Thunderbird began working.

Offline

Board footer

Powered by FluxBB