Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Security Exceptions poups and can't receive mails.

more options

Hi

For the past weeks I have got some annoying popups regarding Security Exceptions. This is related to accounts that uses two-step verification. These accounts has app pwds created and been modified accordingly. I use a master pwd for all accounts - in total 5 accounts. Three of these accounts are using two-step and the rest just single logon. As there was still issues, I cleaned out all pwds restarted Thunderbird and started from pwd scratch. Then it seemed to work with minor issues - still some Security popups. Then nearly everything broke, all account, except one, stopped being able to send mail, I can receive mail on all account, but only send from one. The only account working is a single logon account. I then tried to clean out the pwd for one of the broken accounts - no good. I created a new app pwd for this account, cleaned out pwds for this account, and was propmted for pwd upon reception. When I try to mails I'm not prompted, and it fails - for good reasons. I'm not prompted for pwd when sending for any of the broken accounts - even the pwd is removed from the list of pwds.

Searching the net gave some hints, could be AV or firewall.

I have tried the following: Verified the settings in Thunderbird several times, tried change them and saving them again. Disabled AV and firewall - no change. Cleaned out all pwds, restarted Thunderbird - no change. Upgraded thunderbird to latest versions. Upgraded AV to latest version, required deinstallation and installation. Verified the settings is compliant with the instruction from the providers.

The last thing I have seen is, when I open Thunderbird I get the Security pop-up, enters the master pwd and I can receive mails on all acounts. After a while the pop-ups starts again and I have to restart thunderbird in order to receive mails on the broken accounts.

My gmail accouts has been working for quite a while since I created the app pwd. The app pwd for the fastmail account is quite new - as this is where I got the Security pop-ups in the beginning. The jubii mail just stopped receing mails with no errors.

So now I stuck. As it relates to three different mail providers I see it as a Thunderbird problem - but I could be wrong.

Any help will be appreciated.

Specs: Windwos 10, 32bit, US edition. All updates installed. Thunderbird v45.6 (was 45.3) AV - Bitdefender Antivirus 2017 (was 2016) Firewall - MS builtin. Mailproviders: fastmail, gmail and jubii

Hi For the past weeks I have got some annoying popups regarding Security Exceptions. This is related to accounts that uses two-step verification. These accounts has app pwds created and been modified accordingly. I use a master pwd for all accounts - in total 5 accounts. Three of these accounts are using two-step and the rest just single logon. As there was still issues, I cleaned out all pwds restarted Thunderbird and started from pwd scratch. Then it seemed to work with minor issues - still some Security popups. Then nearly everything broke, all account, except one, stopped being able to send mail, I can receive mail on all account, but only send from one. The only account working is a single logon account. I then tried to clean out the pwd for one of the broken accounts - no good. I created a new app pwd for this account, cleaned out pwds for this account, and was propmted for pwd upon reception. When I try to mails I'm not prompted, and it fails - for good reasons. I'm not prompted for pwd when sending for any of the broken accounts - even the pwd is removed from the list of pwds. Searching the net gave some hints, could be AV or firewall. I have tried the following: Verified the settings in Thunderbird several times, tried change them and saving them again. Disabled AV and firewall - no change. Cleaned out all pwds, restarted Thunderbird - no change. Upgraded thunderbird to latest versions. Upgraded AV to latest version, required deinstallation and installation. Verified the settings is compliant with the instruction from the providers. The last thing I have seen is, when I open Thunderbird I get the Security pop-up, enters the master pwd and I can receive mails on all acounts. After a while the pop-ups starts again and I have to restart thunderbird in order to receive mails on the broken accounts. My gmail accouts has been working for quite a while since I created the app pwd. The app pwd for the fastmail account is quite new - as this is where I got the Security pop-ups in the beginning. The jubii mail just stopped receing mails with no errors. So now I stuck. As it relates to three different mail providers I see it as a Thunderbird problem - but I could be wrong. Any help will be appreciated. Specs: Windwos 10, 32bit, US edition. All updates installed. Thunderbird v45.6 (was 45.3) AV - Bitdefender Antivirus 2017 (was 2016) Firewall - MS builtin. Mailproviders: fastmail, gmail and jubii

Chosen solution

Now the account that worked was also broken :-( Getting closer I thought I would start from scratch again. Cleaned out all pwds and the cert8.db file. Tried to setup one account at a time, but still got Security Exceptions. Tried some other accounts with the same result. Looked in the certificates and they were issued by Bitdefender? One was ok, but for a wrong site - more later. Searching the net showed this was a known issue and when I turned off some scanning everything feel into place, so it looks like a Bitdefender problem after all. Now I got all my imap accounts running, and will try to enable the settings turned of to figure out what exactly impacts Thunderbird. The last working account is setup to as a pop account, getting mails from another site then the certificate, so I just added an exception as in this case it was ok. Have to move it to a imap at a later point.

The following item must be turned of in Bitdefender: Scan SSL

So I think I need to file a report at bitdefender.

Thanks for pushing me in the right direction, and cleaning out some of my settings.

Read this answer in context 👍 0

All Replies (10)

more options
when I open Thunderbird I get the Security pop-up

Please post a screenshot. https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem

Mailproviders: fastmail, gmail and jubii

Please post your Troubleshooting Information. At the top right of the Thunderbird window, click the menu button , then select Help > Troubleshooting Information. Press the Copy text to clipboard button and paste the information into your reply.

more options

Thx

Never seen troubleshooting information before - you learn every day. Trouble info exceeded the buffer limit, so had to split it.

 Application Basics
   Name: Thunderbird
   Version: 45.6.0
   User Agent: Mozilla/5.0 (Windows NT 10.0; rv:45.0) Gecko/20100101 Thunderbird/45.6.0
   Profile Folder: Show Folder
             (Local drive)
   Application Build ID: 20161222195647
   Enabled Plugins: about:plugins
   Build Configuration: about:buildconfig
   Memory Use: about:memory
 Mail and News Accounts
   account1:
     INCOMING: account1, , (none) Local Folders, plain, passwordCleartext
   account3:
     INCOMING: account3, , (pop3) pop.leonberger.dk:110, alwaysSTARTTLS, passwordCleartext
     OUTGOING: , send.one.com:2525, alwaysSTARTTLS, passwordCleartext, true
   account4:
     INCOMING: account4, , (nntp) news.inet.tele.dk:119, plain, passwordCleartext
     OUTGOING: , smtp.fastmail.com:465, SSL, passwordCleartext, true
   account6:
     INCOMING: account6, , (imap) imap.gmail.com:993, SSL, passwordCleartext
     OUTGOING: , smtp.gmail.com:465, SSL, passwordCleartext, true
   account7:
     INCOMING: account7, , (imap) imap.jubii.dk:993, SSL, passwordCleartext
     OUTGOING: , smtp.gmail.com:465, SSL, passwordCleartext, true
   account8:
     INCOMING: account8, , (imap) imap.fastmail.com:993, SSL, passwordCleartext
     OUTGOING: , smtp.fastmail.com:465, SSL, passwordCleartext, true
   account14:
     INCOMING: account14, , (imap) imap.gmail.com:993, SSL, passwordCleartext
     OUTGOING: , smtp.gmail.com:465, SSL, passwordCleartext, true
 Crash Reports
 Extensions
   ImportExportTools, 3.2.4.1, true, {3ed8cc52-86fc-4613-9026-c1ef969da4c3}
   Lightning, 4.7.6, true, {e2fda1a4-762b-4020-b5ad-a41df1933103}
   Bitdefender Antispam Toolbar, 7.0, false, bdThunderbird@bitdefender.com
 Important Modified Preferences
   Name: Value
     accessibility.typeaheadfind.flashBar: 0
     browser.cache.disk.capacity: 358400
     browser.cache.disk.filesystem_reported: 1
     browser.cache.disk.smart_size_cached_value: 358400
     browser.cache.disk.smart_size.first_run: false
     browser.cache.disk.smart_size.use_old_max: false
     browser.cache.memory.capacity: 24576
     extensions.lastAppVersion: 45.6.0
     font.internaluseonly.changed: false
     font.name.monospace.el: Consolas
     font.name.monospace.tr: Consolas
     font.name.monospace.x-baltic: Consolas
     font.name.monospace.x-central-euro: Consolas
     font.name.monospace.x-cyrillic: Consolas
     font.name.monospace.x-unicode: Consolas
     font.name.monospace.x-western: Consolas
     font.name.sans-serif.el: Calibri
     font.name.sans-serif.tr: Calibri
     font.name.sans-serif.x-baltic: Calibri
     font.name.sans-serif.x-central-euro: Calibri
     font.name.sans-serif.x-cyrillic: Calibri
     font.name.sans-serif.x-unicode: Calibri
     font.name.sans-serif.x-western: Calibri
     font.name.serif.el: Cambria
     font.name.serif.tr: Cambria
     font.name.serif.x-baltic: Cambria
     font.name.serif.x-central-euro: Cambria
     font.name.serif.x-cyrillic: Cambria
     font.name.serif.x-unicode: Cambria
     font.name.serif.x-western: Cambria
     font.size.fixed.el: 14
     font.size.fixed.tr: 14
     font.size.fixed.x-baltic: 14
     font.size.fixed.x-central-euro: 14
     font.size.fixed.x-cyrillic: 14
     font.size.fixed.x-unicode: 14
     font.size.fixed.x-western: 14
     font.size.variable.el: 17
     font.size.variable.tr: 17
     font.size.variable.x-baltic: 17
     font.size.variable.x-central-euro: 17
     font.size.variable.x-cyrillic: 17
     font.size.variable.x-unicode: 17
     font.size.variable.x-western: 17
     gfx.direct3d.last_used_feature_level_idx: 0
     mail.openMessageBehavior.version: 1
     mail.winsearch.firstRunDone: true
     mailnews.database.global.datastore.id: 2ad9b09c-7e4a-45e2-ab78-4a72fdd6863
     mailnews.database.global.views.conversation.columns: {"threadCol":{"visible":true,"ordinal":"1"},"flaggedCol":{"visible":true,"ordinal":"3"},"attachmentCol":{"visible":false…
     network.cookie.prefsMigrated: true
     network.predictor.cleaned-up: true
     places.database.lastMaintenance: 1483111114
     places.history.expiration.transient_current_max_pages: 93902
     places.history.expiration.transient_optimal_database_size: 139543674
     plugin.importedState: true
     print.print_printer: Brother MFC-5890CN Printer
     print.printer_Brother_MFC-5890CN_Printer.print_bgcolor: false
     print.printer_Brother_MFC-5890CN_Printer.print_bgimages: false
     print.printer_Brother_MFC-5890CN_Printer.print_command:
     print.printer_Brother_MFC-5890CN_Printer.print_downloadfonts: false
     print.printer_Brother_MFC-5890CN_Printer.print_edge_bottom: 0
     print.printer_Brother_MFC-5890CN_Printer.print_edge_left: 0
     print.printer_Brother_MFC-5890CN_Printer.print_edge_right: 0
     print.printer_Brother_MFC-5890CN_Printer.print_edge_top: 0
     print.printer_Brother_MFC-5890CN_Printer.print_evenpages: true
     print.printer_Brother_MFC-5890CN_Printer.print_footercenter:
     print.printer_Brother_MFC-5890CN_Printer.print_footerleft:
     print.printer_Brother_MFC-5890CN_Printer.print_footerright:
     print.printer_Brother_MFC-5890CN_Printer.print_headercenter:
     print.printer_Brother_MFC-5890CN_Printer.print_headerleft:
     print.printer_Brother_MFC-5890CN_Printer.print_headerright:
     print.printer_Brother_MFC-5890CN_Printer.print_in_color: true
     print.printer_Brother_MFC-5890CN_Printer.print_margin_bottom: 0.5
     print.printer_Brother_MFC-5890CN_Printer.print_margin_left: 0.5
     print.printer_Brother_MFC-5890CN_Printer.print_margin_right: 0.5
     print.printer_Brother_MFC-5890CN_Printer.print_margin_top: 0.5
     print.printer_Brother_MFC-5890CN_Printer.print_oddpages: true
     print.printer_Brother_MFC-5890CN_Printer.print_orientation: 0
     print.printer_Brother_MFC-5890CN_Printer.print_pagedelay: 500
     print.printer_Brother_MFC-5890CN_Printer.print_paper_data: 9
     print.printer_Brother_MFC-5890CN_Printer.print_paper_height: 11,00
     print.printer_Brother_MFC-5890CN_Printer.print_paper_size_type: 0
     print.printer_Brother_MFC-5890CN_Printer.print_paper_size_unit: 1
     print.printer_Brother_MFC-5890CN_Printer.print_paper_width: 8,50
     print.printer_Brother_MFC-5890CN_Printer.print_reversed: false
     print.printer_Brother_MFC-5890CN_Printer.print_scaling: 1,00
     print.printer_Brother_MFC-5890CN_Printer.print_shrink_to_fit: false
     print.printer_Brother_MFC-5890CN_Printer.print_to_file: false
     print.printer_Brother_MFC-5890CN_Printer.print_unwriteable_margin_bottom: 0
     print.printer_Brother_MFC-5890CN_Printer.print_unwriteable_margin_left: 0
     print.printer_Brother_MFC-5890CN_Printer.print_unwriteable_margin_right: 0
     print.printer_Brother_MFC-5890CN_Printer.print_unwriteable_margin_top: 0
     print.printer_Lexmark_E232.print_bgcolor: false
     print.printer_Lexmark_E232.print_bgimages: false
     print.printer_Lexmark_E232.print_colorspace:
     print.printer_Lexmark_E232.print_command:
     print.printer_Lexmark_E232.print_downloadfonts: false
     print.printer_Lexmark_E232.print_duplex: 896
     print.printer_Lexmark_E232.print_edge_bottom: 0
     print.printer_Lexmark_E232.print_edge_left: 0
     print.printer_Lexmark_E232.print_edge_right: 0
     print.printer_Lexmark_E232.print_edge_top: 0
     print.printer_Lexmark_E232.print_evenpages: true
     print.printer_Lexmark_E232.print_footercenter:
     print.printer_Lexmark_E232.print_footerleft:
     print.printer_Lexmark_E232.print_footerright:
     print.printer_Lexmark_E232.print_headercenter:
     print.printer_Lexmark_E232.print_headerleft:
     print.printer_Lexmark_E232.print_headerright:
     print.printer_Lexmark_E232.print_in_color: true
     print.printer_Lexmark_E232.print_margin_bottom: 0.5
     print.printer_Lexmark_E232.print_margin_left: 0.5
     print.printer_Lexmark_E232.print_margin_right: 0.5
     print.printer_Lexmark_E232.print_margin_top: 0.5
     print.printer_Lexmark_E232.print_oddpages: true
     print.printer_Lexmark_E232.print_orientation: 0
     print.printer_Lexmark_E232.print_page_delay: 50
     print.printer_Lexmark_E232.print_pagedelay: 500
     print.printer_Lexmark_E232.print_paper_data: 9
     print.printer_Lexmark_E232.print_paper_height: 11,00
     print.printer_Lexmark_E232.print_paper_name:
     print.printer_Lexmark_E232.print_paper_size: 0
     print.printer_Lexmark_E232.print_paper_size_type: 0
     print.printer_Lexmark_E232.print_paper_size_unit: 1
     print.printer_Lexmark_E232.print_paper_width: 8,50
     print.printer_Lexmark_E232.print_plex_name:
     print.printer_Lexmark_E232.print_resolution: 8192
     print.printer_Lexmark_E232.print_resolution_name:
     print.printer_Lexmark_E232.print_reversed: false
     print.printer_Lexmark_E232.print_scaling: 1,00
     print.printer_Lexmark_E232.print_shrink_to_fit: false
     print.printer_Lexmark_E232.print_to_file: false
     print.printer_Lexmark_E232.print_unwriteable_margin_bottom: 0
     print.printer_Lexmark_E232.print_unwriteable_margin_left: 0
     print.printer_Lexmark_E232.print_unwriteable_margin_right: 0
     print.printer_Lexmark_E232.print_unwriteable_margin_top: 0
     security.disable_button.openCertManager: false
     security.disable_button.openDeviceManager: false
     security.OCSP.disable_button.managecrl: false
more options

part 2:

 Graphics
     Adapter Description: NVIDIA GeForce GT 630
     Vendor ID: 0x10de
     Device ID: 0x0f00
     Adapter RAM: 4095
     Adapter Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_x86_bc939a1cf306360d\nvd3dum,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_x86_bc939a1cf306360d\nvwgf2um,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_x86_bc939a1cf306360d\nvwgf2um,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_x86_bc939a1cf306360d\nvwgf2um
     Driver Version: 21.21.13.7270
     Driver Date: 8-25-2016
     Direct2D Enabled: false
     DirectWrite Enabled: false (10.0.14393.351)
     ClearType Parameters: D [ Gamma: 2200 Pixel Structure: R ClearType Level: 100 Enhanced Contrast: 50 ] D [ Gamma: 2200 Pixel Structure: R ClearType Level: 100 Enhanced Contrast: 50 ]
     WebGL Renderer: Google Inc. -- ANGLE (NVIDIA GeForce GT 630 Direct3D11 vs_5_0 ps_5_0) -- OpenGL ES 2.0 (ANGLE 2.1.0.316930d51ea9)
     GPU Accelerated Windows: 0
     AzureCanvasBackend: skia
     AzureSkiaAccelerated: 0
     AzureFallbackCanvasBackend: cairo
     AzureContentBackend: cairo
 JavaScript
 Incremental GC: 1
 Accessibility
   Activated: 0
   Prevent Accessibility: 0
 Library Versions
     Expected minimum version
     Version in use
     NSPR
     4.12
     4.12
     NSS
     3.21.3 Basic ECC
     3.21.3 Basic ECC
     NSS Util
     3.21.3
     3.21.3
     NSS SSL
     3.21.3 Basic ECC
     3.21.3 Basic ECC
     NSS S/MIME
     3.21.3 Basic ECC
     3.21.3 Basic ECC
more options

In the 'Security Exception' window click the 'View' button. This opens a 'Certificate Viewer' window. Please post a screenshot of that window with the 'Issuer' information visible.

Wrt your Gmail accounts, you should set the 'Authentication type' to 'OAuth2' in your Account Settings for both, Incoming and Outgoing server.

more options

'View' attached.

Changing the 'Auth type' to OAuth2 just gives me an error message - see attached.

more options

The cert for the fastmail.com server has been issued by DigiCert. Normally Thunderbird should trust the DigiCert CA, i.e. it should have the DigiCert certificate in it's built-in certificate store. That doesn't seem to be the case for your Thunderbird.

From the Troubleshooting Information: Profile Folder - Open Folder

This will open the profile folder in Windows Explorer.

Close Thunderbird.

In Windows Explorer locate the file cert8.db and delete it. It will be rebuilt the next time Thunderbird starts. Also delete the file cert_override.txt to remove all permanent exceptions that you may have saved.

Start Thunderbird.

Do you still see the certificate error?

more options

To some extend - it solved part of the problems, so I guess we are making progress.

It's getting very late here (Europe) and I'm not thinking absolutely clear at the moment. I need to do some methodically test on these changes as something started working and something else broke :-) Thanks for the support so far. I'll get back when I'm done testing.

/jan

more options

Chosen Solution

Now the account that worked was also broken :-( Getting closer I thought I would start from scratch again. Cleaned out all pwds and the cert8.db file. Tried to setup one account at a time, but still got Security Exceptions. Tried some other accounts with the same result. Looked in the certificates and they were issued by Bitdefender? One was ok, but for a wrong site - more later. Searching the net showed this was a known issue and when I turned off some scanning everything feel into place, so it looks like a Bitdefender problem after all. Now I got all my imap accounts running, and will try to enable the settings turned of to figure out what exactly impacts Thunderbird. The last working account is setup to as a pop account, getting mails from another site then the certificate, so I just added an exception as in this case it was ok. Have to move it to a imap at a later point.

The following item must be turned of in Bitdefender: Scan SSL

So I think I need to file a report at bitdefender.

Thanks for pushing me in the right direction, and cleaning out some of my settings.

Modified by myleonberger

more options

Wrt Bitdefender also see https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

... so I just added an exception as in this case it was ok.

Having to add a security exception always means something is wrong. An exception is not the solution, it is a workaround at best. https://support.mozilla.org/en-US/kb/add-security-exception

more options

Thx for the links.

I have not had any problems regarding secure websites, but now I know where to look if it happens.

Yes, I agree, this is merely a workaround, as you say, exceptions means something is wrong. The case here is that the only thing wrong here is the hostname doesn't match, the certificate is completely valid. I have to move to an imap account where I don't have this mismatch.

Modified by myleonberger