Thunderbird keeps asking me to add security exception every time I click "Get Messages"
I've been using Thunderbird for ages without any (real) problems. A few days ago, Thunderbird updated to version 78.5.0. Shortly thereafter the problems started. I can't remember if it started immediately after the update so I'm not sure if the update was the direct cause.
Anyway, every time I try to retrieve my mail (by clicking "Get Messages") a pop-up appears:
(See image attachment)
This pop-up isn't new to me since I'm using my own mail server with a self-signed certificate. So every time I update the certificate, I get this popup. It is new however the pop-up appears while nothing has changed (other than Thunderbird updating).
If I click "Confirm Security Exception", the popup disappears but no mail is retrieved. If I click "Get Messages" again, the pop-up reappears. Oddly enough, If I go to Thunderbird's Certificate Manager, I see the certificate was actually added.
So that's one strange thing. It isn't the strangest thing however. What's even stranger is that the location (email.glasshouse.nl:995) isn't the address of my mail server. If I look under Thunderbird's "Server Settings", I see the correct address. Even if I change the server address to something else (the IP address for instance), the pop-up still displays email.glasshouse.nl as location. I'm not worried this is some kind of hack or virus or malware since I recognize the address - it's the mail server I used well over ten years ago (in Thunderbird).
So what is actually going on here? And more important, how can I solve this so I can get to my email again?
Thanks in advance!
Được chỉnh sửa bởi Wayne Mery vào
Tất cả các câu trả lời (14)
I've experienced this too. the devs have been notified and have acknowledged they are aware of this issue. Meanwhile, I did find a "fix" that would be more accurately described as a "work-a-round". But regardless of what you call it, it works. Navigate to C:\Users\<pofile_name>\AppData\Roaming\Thunderbird\Profiles\<profile_in_use>\ and open the Cert_Override.txt file using notepad. List there you will see the data for your self-signed certificate, but only for the incoming mail port. (Port 143) in my case. It will look something like this: my.mail.server:143 OID.2.16.840.1.101.3.4.2.1 CE:D6:4C: (buch of key gibberish after this)
Copy the above to a new line, and the only thing you need to change is the port number. In my case, I changed it from port 143 to port 465 since that's what I use on the hmailserver program for the SMTP port. Then save the file. Now now the file looks like this: my.mail.server:143 OID.2.16.840.1.101.3.4.2.1 CE:D6:4C: (buch of key gibberish after this) my.mail.server:465 OID.2.16.840.1.101.3.4.2.1 CE:D6:4C: (buch of key gibberish after this) Now you can restart Thunderbird and when you check the certificate exceptions you'll see the cert listed twice - once for the incoming port and again for the outgoing port. I now have no problem receiving "or" sending e-mail through my end-to-end encrypted hmailserver program.
Thank you for your answer. I had to tailor it a bit but I now have a working workaround and I'm able to retrieve my email again.
My problem wasn't that there was no line in cert_override.txt for the incoming server (because it actually added a line as soon as I click "Confirm security exception" (with "Permanently store this exception" ticked), but that the server name was wrong.
Like I said, for some unknown reason, it adds a line for email.glasshouse.nl (as seen in the pop-up), regardless of what server name I enter in my account settings. Changing the server name to the correct one in cert_override.txt solved my problem.
Question is: where does Thunderbird get the server name email.glasshouse.nl from?
Carl1959 said
I've experienced this too. the devs have been notified and have acknowledged they are aware of this issue.
Do you have a URL to the report?
I don't have the URL handy. But the bugzilla number is 1665577 if that helps.
I operate my own imap mail server with a lets encrypt certificate which needs to be renewed every 6 month. In the past I had no problems to permanently store the security excpetion in TB I am on TB 76.6.0 64 bit and currently the security exception does not work anymore. Although I selected to permanently store the security exception TB does not accept it and I cannot get the messages from my mail server anymore.
ffsync5, First, make sure you've got the most current version of TB. I experienced this with an earlier release, and it seems to have been fixed in a latest minor release of version 7. If that doesn't work, then if you'll scroll up in this thread you'll see my work-a-round for this, about editing the cert.override file to manually place the exception there.
@Carl1959 sorry for the typo, I am on TB 78.6.0 (64-bit) which says "is up to date" I also had tried the workaround that you described but it did not work. The strange thing is, that I have 2 domains which both have a letsencrypt certificate and one of them is working without problems while the other always comes up with the "Add Security Exception" window. Both domains have an entry for imap...:993 in cert_override.txt. I even closed TB, renamed cert_override.txt, restarted TB and confirmed the security exception again. Both security exceptions then show up again in cert_override.txt but the one in question is not working and always comes up again with the "Add Security Exception" window.
Today I did remove the imap account and added it again with the same settings. This solved the problem although I still don't know why. The only real pain was, to manually re-add my different address identities which I use to separate communication as I could not find a way to export/import identities.
I've the same problem since version 78.6.0 What's even more strange: Thunderbird keeps asking for a security exception for one server even after I deleted the mailbox running on this server. So where is Thunderbird storing the IP of that server which is not needed any more for any mailbox?! (Yes, I restarteted Thunderbird after deleting this mailbox, but it's asking again, not accepting an 'yes')
All mail to the eboxes in my domain experience this problem--repeatedly ad nauseum. For a couple of years now. Fed up. My domain (netzarim.co.il) is http and I'm happy with that. I'm not going to pay for a certificate and https. So everyone who emails any domain--including myself emailing other boxes (like my wife, etc.) in my own domain--that refuses to pay to upgrade to https will experience this problem until you provide a way to turn it OFF, PERMANENTLY, for a specified domain. I don't want a work-around or instructions how to get a certificate. Please provide a way to turn this service--permanently--off so that it doesn't recur anymore with an update of Tbird, etc. Tbird doesn't even reliably notify that emails are no longer being accepted. The annoying confirmation messages don't always appear. Often, emails just stop arriving for no apparent reason until one finally realizes something must be amiss and performs a "Get Messages". Since I have a bunch of eboxes in my domain, a separate "confirm" message comes up and must be dealt with by everyone--for every box! Every time that happens! Worse, ever since these "confirm security exception" messages began, they intimate to everyone trying to email me, and anyone with an ebox in my domain--repeatedly ad nauseum forever, that my domain and website (www.netzarim.co.il) pose some security threat. I'm a software engineer, wrote every line of code in my website; there is NO security threat in my website simply because I won't pay for a certificate. You need to include a "trust this site" permanent exception in your confirm exception message in the profile that follows every upgrade. If you already have that then this is notification that it doesn't work. I never want to see these messages again. That would be a very appreciated fix.
Được chỉnh sửa bởi Paqid Yirmeyahu vào
Mine goes one step further! I'm OK with the popup box and clicking to store security exception - but as of yesterday, two of the three email addresses I use (Different domain names, hosted by Dreamhost) won't even bring up the Security Exception popup. No new messages have loaded since Feb. 2. I have to use webmail.
INCONVENIENT! How can this be fixed?
Mine goes one step further! I'm OK with the popup box and clicking to store security exception - but as of yesterday, two of the three email addresses I use (Different domain names, hosted by Dreamhost) won't even bring up the Security Exception popup. No new messages have loaded since Feb. 2. I have to use webmail.
INCONVENIENT! How can this be fixed?
I have the same problem, now. In November I still could use the workaround by editing the cert-override file, but now nothing is working. The program does not accept exceptions because 'the cert is valid and needs no exception' - but anyway is asking to confirm what cannot be confirmed. Mails are not loaded anymore.
I'm more and more fed up with Thunderbird.
In the meantime I found out that a calendar abo causes the problem. It's running by webdav on port 5006. But this port is included in the cert-override. So I don't know how to fix this. Any recommendations?