Suddenly Thunderbird on Windows 10 cannot download from or send emails via my home email server
I have an IMAP mail server setup on a Raspberry Pi and have successfully used Thunderbird for many years, on both Windows 7 and now Windows 10 to receive and send emails via the server account. Suddenly, last week, it stopped! I noticed that when trying to read emails, the 'spinning' wheel appeared and never stopped. If I tried to send an email, I get a dialog that says 'Sending of the message failed. Certificate type not approved for application. The configuration related to <domain> must be corrected.' The crazy thing is that I have setup Thunderbird on a laptop running Linux Mint and it works with this account perfectly! In addition, in fristration, I have also set up a 'Sylpheed' client on Windows 10 and this also works perfectly. In addition, the Thunderbird application works perfectly with other ISP emails. So, it looks like there is nothing wrong with my home server setup - it works with two independent clients. There's nothing fundamentally wrong with the Win10 Thunderbird client as it works with other accounts. It just will NOT work with my home account! I've tried deleting the account and rebuilding it, but that just gives me the same message on 'send' and will not download messages on receive. And I'm at a loss what to do!! Sure, I can use Sylpheed or use the Linux machine - but I'd really like to continue to use TBird as before. So - any assistance gratefully received!
Chosen solution
OK, well I've solved the problem. It WAS a certificate problem. Due to the covid-19 crisis and travel restrictions, a critical (remote) server in the CACert chain apparently is down, and cannot be fixed as it is not available remotely, and requires a physical visit (so I have been informed). Somehow, this is stopping the certificate process for CACert (cacert.org) TLS authorisation working correctly. As it may take many weeks - months? - for this to be fixed, I looked for an alternative. I'd always thought that 'Lets Encrypt' required a running web server, but found this is not the case. So, I applied for and received a 'standalone' certificate and associated private key, and reconfigured both Postfix and Dovecot to use this rather than the CACert certificate. And Thunderbird works! I used the information contained at [Let's Encrypt / Dovecot / Postfix / UFW firewall / Certbot] https://gist.github.com/mrothNET/cb6f313e9cbe896f3e0fdec80ad2f3fa with a bit of tweaking to reflect my configuration on a RaspberryPi and all is fixed. Thanks for all the assistance provided - and hopefully, if others are having a similar problem, this will encourage them......
Skaityti atsakymą kartu su kontekstu 👍 0All Replies (11)
Please post a screenshot of the error. https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem
It is very difficult to post a screenshot of 'the error'. As I said in the first email, the indications that something is wrong are that I cannot connect to the locally hosted mail server from the Windows instance of Thunderbird. If I try and send a message from the same server, I get a dialog 'Sending of the message failed. Certificate type not approved for application. The configuration related to <domain> must be corrected.' However, let me say very clearly that there is NOTHING wrong with the mailserver. On Windows, as I cannot get Thunderbird to work FOR THIS ACCOUNT (it is working for other ISP mail accounts) I am using Sylpheed to send and receive messages from my home server. On my Linux Mint laptop, I have set up Thunderbird using the SAME server settings and it works perfectly - as it always did for years with Thunderbird on Windows. So, again, crystal clear there is NOTHING wrong with server or server settings. The only 'error' I could send a picture of would be the dialog - and it is quite clear what this says (above). I hope this helps? Thanks - Mike
Modified
Following my last, I'm quite happy to uninstall Thunderbird and reinstall, but will any components stay 'in situ' and just replicate the error? Also, I have a couple of now defunct accounts and have saved the emails from them. How can I make certain I can replicate these? (I can no longer login to the accounts as accounts have been closed). Will this help? After all, a new instance of Thunderbird in Linux works!!
More information. I have a desktop computer with Windows 7 on it (yes, I know.....!). This also had Thunderbird installed, and if I tried to setup a new email account to the home server, firstly I had a lot of difficulties - even using the local IP address of the server rather than the FQDN. So, I saved the entire Thunderbird profile; uninstalled the program; renamed the profile that was left over after uninstalling and reinstalled from scratch. Again, had exactly the same problems with getting T'bird to recognise the server settings (SSL/TLS port 993 and port 465) although as I've stated, when I did this recently on Linux, it worked - and continues to work - flawlessly. I used manual settings eventually - it kept telling me the configuration or password was wrong, even though I know it isn't! And, as before, if I try to send a message, I get the same error dialog. I've added a screenshot of the dialog and an attempted test message. So, it really looks like this is a specific Windows problem. Won't work on Windows 10 or Windows 7. WILL work on Linux! Any comments gratefully received!
I'm sure this has something to do with certificates? I've just setup Thunderbird - again - this time on a spare RaspberryPi which is, of course, running Linux. And it works!! However, it did warn me that the certificates were invalid and it worked after I confirmed an 'exception' (The certificate are, I believe, mine and from CACert, which, unfortunately is down at the moment and I understand can't be fixed due to covid19 restrictions. And recall this is a local "home server" so no security issues.) But why is this OK on Linux and NOT Windows? Is there a way I can 'reconfirm' an exception in the Windows app - or does it work differently to that in Linux app? Thanks!
you know it is something with the certificates. If you have one of tht anti virus programs scanning mail on SSL connections, they probably need to to manually install their certificate as a certifying authority so the mail scanner can work. Personally I would deal with no scanning in email.
Thunderbird is also now checking the validity of certificate with the issuing authority. Is you raspberry pi using a self signed certificate perhaps? If so that will be the issue.
... it did warn me that the certificates were invalid and it worked after I confirmed an 'exception'
What was the exact error code?
You can try to start Windows in safe mode with networking enabled. - Win10 https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode - Win8 https://support.microsoft.com/en-us/help/17076/windows-8-startup-settings-safe-mode - Win7 https://support.microsoft.com/en-us/help/17419/windows-7-advanced-startup-options-safe-mode#start-computer-safe-mode=windows-7
Does the problem go away?
Thanks Matt for helpful comments. A couple of issues. I do have an anti-virus program - Sophos Endpoint Security and Control v10.8 - but I'm pretty certain it hasn't changed it's mode of operation ie Thunderbird always ran perfectly in conjunction with it before. I'd tend to tick that off as a given. It clearly is a certificate problem, but what intrigues me is that a new instance of Thunderbird on a Linux machine (two, actually!) works perfectly - after a warning about certificates, I agree - but a new instance on a Windows machine just won't work. So, again - is there a fundamental difference between the way Thunderbird operates under Windows to how it operates when running on Linux? There is a clue to this. My certificate on the RPi is one sourced from CA.org. Remember, this has been working for some years - flawlessly. However, I understand that CA.org is having problems at the moment due to the covid19 virus restrictions. One of their servers in the certificate issuance and approval stream is playing up. It is in a remote location and NOT accessible over the internet - and no-one is allowed to physically attend to it. But again - if a Linux TBird instance works, even given this problem, why doesn't a Windows instance? Same RPi server. Same certificates. Same everything!! But, again, thanks for the very helpful comments. I'll look at the certificate issue in greater detail - although I may have to live with it for now. Covid19 is affecting everything!!
Hmm. Interesting. So I tried to 'correct' the email server (Postfix and Dovecot) certificates today - as best I can given the problems with CACert - and now the Linux instance that previously worked is giving exactly the same symptoms as the Windows instance. In one respect, I can almost breathe a sigh of relief - at least they are both stuffed!! But it clearly shows that the whole issue of server certificates is causing the underlying problems. Why did it work before on Linux and not Windows? Who knows? All I know now is that I clearly have a server certificate problem. At least it gives me a clue as to where to investigate! Mike
christ1 said
... it did warn me that the certificates were invalid and it worked after I confirmed an 'exception'What was the exact error code?
You can try to start Windows in safe mode with networking enabled. - Win10 https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode - Win8 https://support.microsoft.com/en-us/help/17076/windows-8-startup-settings-safe-mode - Win7 https://support.microsoft.com/en-us/help/17419/windows-7-advanced-startup-options-safe-mode#start-computer-safe-mode=windows-7
Does the problem go away?
I haven't tried this yet - although I must say from my investigations so far (see above), I very much doubt if it will make a scrap of difference. Now I'm quite convinced it is an underlying server problem - not a client problem.
Modified
Chosen Solution
OK, well I've solved the problem. It WAS a certificate problem. Due to the covid-19 crisis and travel restrictions, a critical (remote) server in the CACert chain apparently is down, and cannot be fixed as it is not available remotely, and requires a physical visit (so I have been informed). Somehow, this is stopping the certificate process for CACert (cacert.org) TLS authorisation working correctly. As it may take many weeks - months? - for this to be fixed, I looked for an alternative. I'd always thought that 'Lets Encrypt' required a running web server, but found this is not the case. So, I applied for and received a 'standalone' certificate and associated private key, and reconfigured both Postfix and Dovecot to use this rather than the CACert certificate. And Thunderbird works! I used the information contained at [Let's Encrypt / Dovecot / Postfix / UFW firewall / Certbot] https://gist.github.com/mrothNET/cb6f313e9cbe896f3e0fdec80ad2f3fa with a bit of tweaking to reflect my configuration on a RaspberryPi and all is fixed. Thanks for all the assistance provided - and hopefully, if others are having a similar problem, this will encourage them......