You are not logged in.

#1 2017-04-11 19:19:16

J.Archer
Banned
Registered: 2016-12-31
Posts: 19

Security exception installing Thunderbird

Hi,
Just relized that Thunderbird on Arch won't play nice with my ISP. Thunderbird apparently discovers the mail server with a trailing ":993", which is not present in their certificate, thus causing a warning about it and requiring a security exception to be made in order to configure thunderbird.

What do you guys do? Have anyone seen this? What would be the proper thing to do in such case? I obviously want a mail client, and preferably thunderbird... In my previous many years with other distributions I have never ever come across this problem, nor have my ISP's support specialists. Naturally I want to use SSL/TLS...

Thanks

Offline

#2 2017-04-11 19:31:12

Raynman
Member
Registered: 2011-10-22
Posts: 1,539

Re: Security exception installing Thunderbird

Port 993 is standard for IMAP over SSL. Seems unlikely that this would be a problem.

https://bbs.archlinux.org/viewtopic.php?id=57855

Last edited by Raynman (2017-04-11 19:31:50)

Offline

#3 2017-04-11 20:19:57

J.Archer
Banned
Registered: 2016-12-31
Posts: 19

Re: Security exception installing Thunderbird

Exactly. As I already wrote, the problem is that Thunderbird discovers the mail server in one way, and the ssl certificat is set out for a different server name = the cause for the exception. What I don't get is how a case like this should be handled in Arch Linux, has it been seen before, and what solved it, if it did?

I have set thunderbird up 50+ times before on different distros (at work and private), so there is no problem with that part of it at least. This is the first time on Arch though, so yes, something is definately different on Arch. Maybe I have to read up on the IMAP RFQ to find out what the correct way for an IMAP mail server is to present itself. If it turns out to be "<FQDN>:993", then it is my ISP who is at fault here and discussion is over. I am just wondering if anyone else have seen it before, and what I could do, if anything. Google turned up a few similar cases, mostly other distros, but no sollution, just misconfigurations on the users part. This is not the case here.

The error/warning I get is when attempting a configuration is "You are about to override how Thunderbird identifies this site" Everything about it says "Don't do it", but what alternative do I have? Evolution does not offer what I need, and no other clients are even close to thuderbird, I've tried a lot of them in the past year, but may ofcourse have missed a few.

I guess I could just accept the exception, but that does not seem to be the best solution, nor very security minded.

Offline

#4 2017-04-11 21:52:27

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: Security exception installing Thunderbird

The port should not be part of the verification process, my imap ssl certificate has "CN=imap.example.com" and it works perfectly fine with thunderbird connecting to imap.example.com:993 (provider name replaced with 'example').
Either your thunderbird installation does some strange verifications, or you really have some other problem with the certificate. What exactly is the error message?

Last edited by progandy (2017-04-11 21:56:53)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#5 2017-04-12 13:17:14

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,866

Re: Security exception installing Thunderbird

J.Archer : does your ISP use STARTTLS or SSL/TLS ?

Does changing authentication method make a difference ?


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#6 2017-04-12 13:34:55

J.Archer
Banned
Registered: 2016-12-31
Posts: 19

Re: Security exception installing Thunderbird

Hi,
The error is displayed in a dialog called "Add Security Exception" and reads;
"You are about to override how Thunderbird identifies this site. Legitimate banks, stores, and other public sites will not ask you to do this.
Location: imap.example.net:993" with a "Confirm Security Exception" below.

In my ssl certificate I find "CN = imap.example.net", where my isp is also replaced by 'example'.

Thunderbird is installed via "sudo pacman -S thunderbird", then started and when hitting 'Done' on the "Mail Account Setup" dialog, I get the error. I have tried to uninstall, remove ~/.thunderbird/ reinstalled, but still the same...

Offline

#7 2017-04-12 13:39:51

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,866

Re: Security exception installing Thunderbird

J.Archer : is this through auto-discovery or manual setup ?

If auto-discovery, try setting up connection details / server addresses manually


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#8 2017-04-12 17:23:37

J.Archer
Banned
Registered: 2016-12-31
Posts: 19

Re: Security exception installing Thunderbird

Lone_Wolf wrote:

J.Archer : is this through auto-discovery or manual setup ?

If auto-discovery, try setting up connection details / server addresses manually

Thanks for the suggestion. It is manual, ie at first I have to enter name and email/password, after that step I can select to configure it manually, which I always do since SSL/TLS is not autoprobed from my ISP.

Offline

#9 2017-04-12 17:26:27

J.Archer
Banned
Registered: 2016-12-31
Posts: 19

Re: Security exception installing Thunderbird

Just to doublecheck I configured Evolution without any problems at all... But if I have a choice, I really don't want to use that

Offline

#10 2017-04-14 04:20:18

J.Archer
Banned
Registered: 2016-12-31
Posts: 19

Re: Security exception installing Thunderbird

I take it there is no more ides of what might be wrong. How would I downgrade Thunderbird? I havent found much info at all about that, and packages on Arch web site only shows latest...

Offline

#11 2017-04-14 07:53:45

x33a
Forum Fellow
Registered: 2009-08-15
Posts: 4,587

Re: Security exception installing Thunderbird

Why do you think that previous versions of Thunderbird will work fine? If you still want to downgrade: https://wiki.archlinux.org/index.php/Arch_Linux_Archive

If you want help in figuring out the correct solution, you have to tell us about your ISP and the address of their mailserver. It is perfectly fine if you don't want to disclose that information, but there's only so much we can do without having all the information.

Offline

#12 2017-04-14 08:26:38

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: Security exception installing Thunderbird

J.Archer wrote:

something is definitely different on Arch

Arch probably has more recent versions of openssl and nss and ca-certificates, which might have increased their strictness in certificate checking.

Edit: Added ca-certificates.

Last edited by brebs (2017-04-14 08:28:57)

Offline

#13 2017-04-14 18:18:38

J.Archer
Banned
Registered: 2016-12-31
Posts: 19

Re: Security exception installing Thunderbird

x33a wrote:

Why do you think that previous versions of Thunderbird will work fine? .

I don't. I merely thought of it as a potential way forward, not ideal though. I get that you have done all you can with the information given, and I appeciate that a lot.

Offline

#14 2017-04-14 18:21:21

J.Archer
Banned
Registered: 2016-12-31
Posts: 19

Re: Security exception installing Thunderbird

brebs wrote:
J.Archer wrote:

something is definitely different on Arch

Arch probably has more recent versions of openssl and nss and ca-certificates, which might have increased their strictness in certificate checking.

Edit: Added ca-certificates.

Yes, I haven't verified that yet, but either that, or thunderbird is compiled with some stricter certificate checking as well. As I wrote, I have working mail, but will keep fiddling with this hoping to find the cause.

Thanks all for your help and suggestions.

Offline

Board footer

Powered by FluxBB