Security Exceptions poups and can't receive mails.
Hi
For the past weeks I have got some annoying popups regarding Security Exceptions. This is related to accounts that uses two-step verification. These accounts has app pwds created and been modified accordingly. I use a master pwd for all accounts - in total 5 accounts. Three of these accounts are using two-step and the rest just single logon. As there was still issues, I cleaned out all pwds restarted Thunderbird and started from pwd scratch. Then it seemed to work with minor issues - still some Security popups. Then nearly everything broke, all account, except one, stopped being able to send mail, I can receive mail on all account, but only send from one. The only account working is a single logon account. I then tried to clean out the pwd for one of the broken accounts - no good. I created a new app pwd for this account, cleaned out pwds for this account, and was propmted for pwd upon reception. When I try to mails I'm not prompted, and it fails - for good reasons. I'm not prompted for pwd when sending for any of the broken accounts - even the pwd is removed from the list of pwds.
Searching the net gave some hints, could be AV or firewall.
I have tried the following: Verified the settings in Thunderbird several times, tried change them and saving them again. Disabled AV and firewall - no change. Cleaned out all pwds, restarted Thunderbird - no change. Upgraded thunderbird to latest versions. Upgraded AV to latest version, required deinstallation and installation. Verified the settings is compliant with the instruction from the providers.
The last thing I have seen is, when I open Thunderbird I get the Security pop-up, enters the master pwd and I can receive mails on all acounts. After a while the pop-ups starts again and I have to restart thunderbird in order to receive mails on the broken accounts.
My gmail accouts has been working for quite a while since I created the app pwd. The app pwd for the fastmail account is quite new - as this is where I got the Security pop-ups in the beginning. The jubii mail just stopped receing mails with no errors.
So now I stuck. As it relates to three different mail providers I see it as a Thunderbird problem - but I could be wrong.
Any help will be appreciated.
Specs: Windwos 10, 32bit, US edition. All updates installed. Thunderbird v45.6 (was 45.3) AV - Bitdefender Antivirus 2017 (was 2016) Firewall - MS builtin. Mailproviders: fastmail, gmail and jubii
Chosen solution
Now the account that worked was also broken :-( Getting closer I thought I would start from scratch again. Cleaned out all pwds and the cert8.db file. Tried to setup one account at a time, but still got Security Exceptions. Tried some other accounts with the same result. Looked in the certificates and they were issued by Bitdefender? One was ok, but for a wrong site - more later. Searching the net showed this was a known issue and when I turned off some scanning everything feel into place, so it looks like a Bitdefender problem after all. Now I got all my imap accounts running, and will try to enable the settings turned of to figure out what exactly impacts Thunderbird. The last working account is setup to as a pop account, getting mails from another site then the certificate, so I just added an exception as in this case it was ok. Have to move it to a imap at a later point.
The following item must be turned of in Bitdefender: Scan SSL
So I think I need to file a report at bitdefender.
Thanks for pushing me in the right direction, and cleaning out some of my settings.
Read this answer in context 👍 0All Replies (10)
when I open Thunderbird I get the Security pop-up
Please post a screenshot. https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem
Mailproviders: fastmail, gmail and jubii
Please post your Troubleshooting Information. At the top right of the Thunderbird window, click the menu button , then select Help > Troubleshooting Information. Press the Copy text to clipboard button and paste the information into your reply.
Thx
Never seen troubleshooting information before - you learn every day. Trouble info exceeded the buffer limit, so had to split it.
Application Basics
Name: Thunderbird Version: 45.6.0 User Agent: Mozilla/5.0 (Windows NT 10.0; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 Profile Folder: Show Folder
(Local drive) Application Build ID: 20161222195647 Enabled Plugins: about:plugins Build Configuration: about:buildconfig Memory Use: about:memory
Mail and News Accounts account1: INCOMING: account1, , (none) Local Folders, plain, passwordCleartext
account3: INCOMING: account3, , (pop3) pop.leonberger.dk:110, alwaysSTARTTLS, passwordCleartext OUTGOING: , send.one.com:2525, alwaysSTARTTLS, passwordCleartext, true
account4: INCOMING: account4, , (nntp) news.inet.tele.dk:119, plain, passwordCleartext OUTGOING: , smtp.fastmail.com:465, SSL, passwordCleartext, true
account6: INCOMING: account6, , (imap) imap.gmail.com:993, SSL, passwordCleartext OUTGOING: , smtp.gmail.com:465, SSL, passwordCleartext, true
account7: INCOMING: account7, , (imap) imap.jubii.dk:993, SSL, passwordCleartext OUTGOING: , smtp.gmail.com:465, SSL, passwordCleartext, true
account8: INCOMING: account8, , (imap) imap.fastmail.com:993, SSL, passwordCleartext OUTGOING: , smtp.fastmail.com:465, SSL, passwordCleartext, true
account14: INCOMING: account14, , (imap) imap.gmail.com:993, SSL, passwordCleartext OUTGOING: , smtp.gmail.com:465, SSL, passwordCleartext, true
Crash Reports
Extensions ImportExportTools, 3.2.4.1, true, {3ed8cc52-86fc-4613-9026-c1ef969da4c3} Lightning, 4.7.6, true, {e2fda1a4-762b-4020-b5ad-a41df1933103} Bitdefender Antispam Toolbar, 7.0, false, bdThunderbird@bitdefender.com
Important Modified Preferences
Name: Value
accessibility.typeaheadfind.flashBar: 0 browser.cache.disk.capacity: 358400 browser.cache.disk.filesystem_reported: 1 browser.cache.disk.smart_size_cached_value: 358400 browser.cache.disk.smart_size.first_run: false browser.cache.disk.smart_size.use_old_max: false browser.cache.memory.capacity: 24576 extensions.lastAppVersion: 45.6.0 font.internaluseonly.changed: false font.name.monospace.el: Consolas font.name.monospace.tr: Consolas font.name.monospace.x-baltic: Consolas font.name.monospace.x-central-euro: Consolas font.name.monospace.x-cyrillic: Consolas font.name.monospace.x-unicode: Consolas font.name.monospace.x-western: Consolas font.name.sans-serif.el: Calibri font.name.sans-serif.tr: Calibri font.name.sans-serif.x-baltic: Calibri font.name.sans-serif.x-central-euro: Calibri font.name.sans-serif.x-cyrillic: Calibri font.name.sans-serif.x-unicode: Calibri font.name.sans-serif.x-western: Calibri font.name.serif.el: Cambria font.name.serif.tr: Cambria font.name.serif.x-baltic: Cambria font.name.serif.x-central-euro: Cambria font.name.serif.x-cyrillic: Cambria font.name.serif.x-unicode: Cambria font.name.serif.x-western: Cambria font.size.fixed.el: 14 font.size.fixed.tr: 14 font.size.fixed.x-baltic: 14 font.size.fixed.x-central-euro: 14 font.size.fixed.x-cyrillic: 14 font.size.fixed.x-unicode: 14 font.size.fixed.x-western: 14 font.size.variable.el: 17 font.size.variable.tr: 17 font.size.variable.x-baltic: 17 font.size.variable.x-central-euro: 17 font.size.variable.x-cyrillic: 17 font.size.variable.x-unicode: 17 font.size.variable.x-western: 17 gfx.direct3d.last_used_feature_level_idx: 0 mail.openMessageBehavior.version: 1 mail.winsearch.firstRunDone: true mailnews.database.global.datastore.id: 2ad9b09c-7e4a-45e2-ab78-4a72fdd6863 mailnews.database.global.views.conversation.columns: {"threadCol":{"visible":true,"ordinal":"1"},"flaggedCol":{"visible":true,"ordinal":"3"},"attachmentCol":{"visible":false… network.cookie.prefsMigrated: true network.predictor.cleaned-up: true places.database.lastMaintenance: 1483111114 places.history.expiration.transient_current_max_pages: 93902 places.history.expiration.transient_optimal_database_size: 139543674 plugin.importedState: true print.print_printer: Brother MFC-5890CN Printer print.printer_Brother_MFC-5890CN_Printer.print_bgcolor: false print.printer_Brother_MFC-5890CN_Printer.print_bgimages: false print.printer_Brother_MFC-5890CN_Printer.print_command: print.printer_Brother_MFC-5890CN_Printer.print_downloadfonts: false print.printer_Brother_MFC-5890CN_Printer.print_edge_bottom: 0 print.printer_Brother_MFC-5890CN_Printer.print_edge_left: 0 print.printer_Brother_MFC-5890CN_Printer.print_edge_right: 0 print.printer_Brother_MFC-5890CN_Printer.print_edge_top: 0 print.printer_Brother_MFC-5890CN_Printer.print_evenpages: true print.printer_Brother_MFC-5890CN_Printer.print_footercenter: print.printer_Brother_MFC-5890CN_Printer.print_footerleft: print.printer_Brother_MFC-5890CN_Printer.print_footerright: print.printer_Brother_MFC-5890CN_Printer.print_headercenter: print.printer_Brother_MFC-5890CN_Printer.print_headerleft: print.printer_Brother_MFC-5890CN_Printer.print_headerright: print.printer_Brother_MFC-5890CN_Printer.print_in_color: true print.printer_Brother_MFC-5890CN_Printer.print_margin_bottom: 0.5 print.printer_Brother_MFC-5890CN_Printer.print_margin_left: 0.5 print.printer_Brother_MFC-5890CN_Printer.print_margin_right: 0.5 print.printer_Brother_MFC-5890CN_Printer.print_margin_top: 0.5 print.printer_Brother_MFC-5890CN_Printer.print_oddpages: true print.printer_Brother_MFC-5890CN_Printer.print_orientation: 0 print.printer_Brother_MFC-5890CN_Printer.print_pagedelay: 500 print.printer_Brother_MFC-5890CN_Printer.print_paper_data: 9 print.printer_Brother_MFC-5890CN_Printer.print_paper_height: 11,00 print.printer_Brother_MFC-5890CN_Printer.print_paper_size_type: 0 print.printer_Brother_MFC-5890CN_Printer.print_paper_size_unit: 1 print.printer_Brother_MFC-5890CN_Printer.print_paper_width: 8,50 print.printer_Brother_MFC-5890CN_Printer.print_reversed: false print.printer_Brother_MFC-5890CN_Printer.print_scaling: 1,00 print.printer_Brother_MFC-5890CN_Printer.print_shrink_to_fit: false print.printer_Brother_MFC-5890CN_Printer.print_to_file: false print.printer_Brother_MFC-5890CN_Printer.print_unwriteable_margin_bottom: 0 print.printer_Brother_MFC-5890CN_Printer.print_unwriteable_margin_left: 0 print.printer_Brother_MFC-5890CN_Printer.print_unwriteable_margin_right: 0 print.printer_Brother_MFC-5890CN_Printer.print_unwriteable_margin_top: 0 print.printer_Lexmark_E232.print_bgcolor: false print.printer_Lexmark_E232.print_bgimages: false print.printer_Lexmark_E232.print_colorspace: print.printer_Lexmark_E232.print_command: print.printer_Lexmark_E232.print_downloadfonts: false print.printer_Lexmark_E232.print_duplex: 896 print.printer_Lexmark_E232.print_edge_bottom: 0 print.printer_Lexmark_E232.print_edge_left: 0 print.printer_Lexmark_E232.print_edge_right: 0 print.printer_Lexmark_E232.print_edge_top: 0 print.printer_Lexmark_E232.print_evenpages: true print.printer_Lexmark_E232.print_footercenter: print.printer_Lexmark_E232.print_footerleft: print.printer_Lexmark_E232.print_footerright: print.printer_Lexmark_E232.print_headercenter: print.printer_Lexmark_E232.print_headerleft: print.printer_Lexmark_E232.print_headerright: print.printer_Lexmark_E232.print_in_color: true print.printer_Lexmark_E232.print_margin_bottom: 0.5 print.printer_Lexmark_E232.print_margin_left: 0.5 print.printer_Lexmark_E232.print_margin_right: 0.5 print.printer_Lexmark_E232.print_margin_top: 0.5 print.printer_Lexmark_E232.print_oddpages: true print.printer_Lexmark_E232.print_orientation: 0 print.printer_Lexmark_E232.print_page_delay: 50 print.printer_Lexmark_E232.print_pagedelay: 500 print.printer_Lexmark_E232.print_paper_data: 9 print.printer_Lexmark_E232.print_paper_height: 11,00 print.printer_Lexmark_E232.print_paper_name: print.printer_Lexmark_E232.print_paper_size: 0 print.printer_Lexmark_E232.print_paper_size_type: 0 print.printer_Lexmark_E232.print_paper_size_unit: 1 print.printer_Lexmark_E232.print_paper_width: 8,50 print.printer_Lexmark_E232.print_plex_name: print.printer_Lexmark_E232.print_resolution: 8192 print.printer_Lexmark_E232.print_resolution_name: print.printer_Lexmark_E232.print_reversed: false print.printer_Lexmark_E232.print_scaling: 1,00 print.printer_Lexmark_E232.print_shrink_to_fit: false print.printer_Lexmark_E232.print_to_file: false print.printer_Lexmark_E232.print_unwriteable_margin_bottom: 0 print.printer_Lexmark_E232.print_unwriteable_margin_left: 0 print.printer_Lexmark_E232.print_unwriteable_margin_right: 0 print.printer_Lexmark_E232.print_unwriteable_margin_top: 0 security.disable_button.openCertManager: false security.disable_button.openDeviceManager: false security.OCSP.disable_button.managecrl: false
part 2:
Graphics
Adapter Description: NVIDIA GeForce GT 630 Vendor ID: 0x10de Device ID: 0x0f00 Adapter RAM: 4095 Adapter Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_x86_bc939a1cf306360d\nvd3dum,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_x86_bc939a1cf306360d\nvwgf2um,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_x86_bc939a1cf306360d\nvwgf2um,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_x86_bc939a1cf306360d\nvwgf2um Driver Version: 21.21.13.7270 Driver Date: 8-25-2016 Direct2D Enabled: false DirectWrite Enabled: false (10.0.14393.351) ClearType Parameters: D [ Gamma: 2200 Pixel Structure: R ClearType Level: 100 Enhanced Contrast: 50 ] D [ Gamma: 2200 Pixel Structure: R ClearType Level: 100 Enhanced Contrast: 50 ] WebGL Renderer: Google Inc. -- ANGLE (NVIDIA GeForce GT 630 Direct3D11 vs_5_0 ps_5_0) -- OpenGL ES 2.0 (ANGLE 2.1.0.316930d51ea9) GPU Accelerated Windows: 0
AzureCanvasBackend: skia AzureSkiaAccelerated: 0 AzureFallbackCanvasBackend: cairo AzureContentBackend: cairo
JavaScript
Incremental GC: 1
Accessibility
Activated: 0 Prevent Accessibility: 0
Library Versions
Expected minimum version Version in use
NSPR 4.12 4.12
NSS 3.21.3 Basic ECC 3.21.3 Basic ECC
NSS Util 3.21.3 3.21.3
NSS SSL 3.21.3 Basic ECC 3.21.3 Basic ECC
NSS S/MIME 3.21.3 Basic ECC 3.21.3 Basic ECC
In the 'Security Exception' window click the 'View' button. This opens a 'Certificate Viewer' window. Please post a screenshot of that window with the 'Issuer' information visible.
Wrt your Gmail accounts, you should set the 'Authentication type' to 'OAuth2' in your Account Settings for both, Incoming and Outgoing server.
'View' attached.
Changing the 'Auth type' to OAuth2 just gives me an error message - see attached.
The cert for the fastmail.com server has been issued by DigiCert. Normally Thunderbird should trust the DigiCert CA, i.e. it should have the DigiCert certificate in it's built-in certificate store. That doesn't seem to be the case for your Thunderbird.
From the Troubleshooting Information: Profile Folder - Open Folder
This will open the profile folder in Windows Explorer.
Close Thunderbird.
In Windows Explorer locate the file cert8.db and delete it. It will be rebuilt the next time Thunderbird starts. Also delete the file cert_override.txt to remove all permanent exceptions that you may have saved.
Start Thunderbird.
Do you still see the certificate error?
To some extend - it solved part of the problems, so I guess we are making progress.
It's getting very late here (Europe) and I'm not thinking absolutely clear at the moment. I need to do some methodically test on these changes as something started working and something else broke :-) Thanks for the support so far. I'll get back when I'm done testing.
/jan
Chosen Solution
Now the account that worked was also broken :-( Getting closer I thought I would start from scratch again. Cleaned out all pwds and the cert8.db file. Tried to setup one account at a time, but still got Security Exceptions. Tried some other accounts with the same result. Looked in the certificates and they were issued by Bitdefender? One was ok, but for a wrong site - more later. Searching the net showed this was a known issue and when I turned off some scanning everything feel into place, so it looks like a Bitdefender problem after all. Now I got all my imap accounts running, and will try to enable the settings turned of to figure out what exactly impacts Thunderbird. The last working account is setup to as a pop account, getting mails from another site then the certificate, so I just added an exception as in this case it was ok. Have to move it to a imap at a later point.
The following item must be turned of in Bitdefender: Scan SSL
So I think I need to file a report at bitdefender.
Thanks for pushing me in the right direction, and cleaning out some of my settings.
Modified
Wrt Bitdefender also see https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER
... so I just added an exception as in this case it was ok.
Having to add a security exception always means something is wrong. An exception is not the solution, it is a workaround at best. https://support.mozilla.org/en-US/kb/add-security-exception
Thx for the links.
I have not had any problems regarding secure websites, but now I know where to look if it happens.
Yes, I agree, this is merely a workaround, as you say, exceptions means something is wrong. The case here is that the only thing wrong here is the hostname doesn't match, the certificate is completely valid. I have to move to an imap account where I don't have this mismatch.
Modified