Thunderbird fails using SSL/TLS
Question asked by michael~ - 2/26/2015 at 9:21 PM
Unanswered
Hello all --
 
I have a new SM13 server with ports 25,110,143 unencrypted, and 445,587,993,995 using TLS, all bound to the IP. All SSL has been disabled on the server. I can set up an IMAP account in Outlook using TLS over 993, no problem. But when I try to do the same in Thunderbird (v31.5.0), it just hangs on "Connected to mail.server.com..." The connection doesn't show in the SM Connections list. I've tried every combination of settings in Thunderbird: SSL/TLS + Normal and Encrypted password, STARTTLS + Normal and Encrypted password. I made sure the port is 993.
 
Wireshark shows an SSL "Client Hello" packet from the client, then the server responds with an SSL Continuation data packet (advertising IMAP4), then the client sends a RST, ACK, and that's it.
 
Does this sound like a Thunderbird problem, or a misconfiguration on the server somehow?
Thanks
-- michael~

14 Replies

0
Joe Wolf Replied
Bind and use ports SMTP 587, Pop 119, and IMAP 143 via TLS. SSL is DEAD. In Outlook just change the More settings to TLS instead of None. Simple.
Thanks, -Joe
0
michael~ Replied
Thanks for the reply, but the problem is with Thunderbird using TLS. My server has all SSL versions disabled, and I can connect to the same account on 993/TLS just fine thru Outlook. It's Thunderbird that hangs when trying to connect over 993 with SSL/TLS (there isn't an option to select one or the other, tho in previous versions it looks like there was).
0
Joe Wolf Replied
In Thunderbird just change it to port 143 and STARTTLS (and encrypted password). Nothing should be able to connect to 993 because all you have bound to that is SSL and your server should not accept any SSL connections.
Thanks, -Joe
0
michael~ Replied
I have TLS bound to 993.. SSL isn't active anywhere on the server.. disabled thru registry, and not bound to any ports.. Also I tried STARTTLS on port 993 with the same result.. just sits there..
0
Joe Wolf Replied
Are you sure port 993 isn't blocked on your firewall? I use Thunderbird and it works fine with SmarterMail and TLS, but I don't use port 993.
Thanks, -Joe
0
michael~ Replied
Very odd.. I just enabled TLS on 143, and Thunderbird successfully connected using STARTTLS/Normal password on port 143 (it fails using Encrypted password). So... where in SM would I specify to use an encrypted password? And in the end, what should my port setup ideally look like? 25,110,143,465,587,993,995 all using TLS? Or just 25,110,143,465,587 using TLS and remove 993,995?
0
michael~ Replied
AH! I understand now! My apologies, but after much more reading, I was confused about the port associations. I now understand that 993,995 are used for SSL, so TB was assuming an implicit SSL connection, which is disabled on the server-side. I've removed 993 and 995.. My current setup is 25, unencrypted, and 110,143,465,587 using TLS. I'm still unsure about how to require an encrypted password tho...?
0
Joe Wolf Replied
You need to have port bindings for ports 25, 110, 143, and 587 both unencrypted (standard) and duplicated as TLS. If you leave port 25 without TLS you won't be communicating with other SMTP servers via TLS. The port 465 is useless because nothing using 465 will be looking for TLS. My apologies, I forgot that Thunderbird does not support Encrypted passwords on IMAP with SmarterMail... only POP and SMTP.
Thanks, -Joe
0
michael~ Replied
How can I bind both IMAP and IMAP TLS to the same IP if they're both using port 143 (same for 110 and 587)?
0
Joe Wolf Replied
In Settings | Bindings | Ports just add it in SmarterMail.
Thanks, -Joe
0
michael~ Replied
I have 8 ports created.. 25,110,143,465,587, no encryption.. and 110,143,587, using TLS. When I go to IP Addresses to bind all 8 to the Primary IP, I get an error "The same port can not be selected more than once". I'm assuming this is what you meant by 'duplicated', otherwise, why would I create both if only one of each is bound to the IP?
0
Mark DeLore Replied
I get a similar issue when adding a test user account in Thunderbird. Too many connections.
0
Joe Wolf Replied
Michael, in the IP Address section only bind the TLS ports. The others will automatically fall back if no TLS connection is available. So after you've created the Ports, then in IP Address section you would have "POP 110" and "POP-TLS 110" (or whatever you called the TLS port name) only check the "POP-TLS 110" box, and do not check the "POP 110". This will allow users to connect to port 110 via TLS or un-encrypted. Trust me, it works.
Thanks, -Joe
0
michael~ Replied
Sorry for the delay.. weekend n all.. Just wanted to confirm that, yes, this did work with Thunderbird, and to thank you for the help.. Much appreciated..
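The mismatch worked out in this thread (a client starting a TLS handshake against a listener that sends a plaintext greeting and upgrades via STARTTLS) can be checked from the first bytes the server sends. The following is an added example, not code from any poster or from SmarterMail; the function names and the sample greeting are constructed for illustration.

```python
import socket

# Greetings a plaintext-first listener sends on connect (IMAP, POP3, SMTP).
GREETINGS = {b"* OK": "imap", b"* PREAUTH": "imap", b"* BYE": "imap",
             b"+OK": "pop3", b"220": "smtp"}

# Constructed sample inputs (not captured from the server in the thread).
SAMPLE_IMAP_GREETING = b"* OK IMAP4rev1 example server ready\r\n"
SAMPLE_TLS_RECORD = b"\x16\x03\x03\x00\x50\x02"  # start of a TLS handshake record

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes received from a mail listener."""
    if not data:
        return "silent"  # server waits for the client: typical of implicit TLS
    # TLS record header: type 0x16 (handshake) or 0x15 (alert), major version 0x03.
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls-record"
    for prefix, proto in GREETINGS.items():
        if data.startswith(prefix):
            return "plaintext-" + proto
    return "unknown"

def diagnose(client_mode: str, first_bytes: bytes) -> str:
    """client_mode: 'implicit-tls' (Thunderbird's SSL/TLS) or 'starttls'."""
    kind = classify_first_bytes(first_bytes)
    if kind == "unknown":
        return "unknown"
    if client_mode == "implicit-tls" and kind.startswith("plaintext-"):
        # The case in the thread: ClientHello answered by a cleartext banner.
        return "mismatch: listener speaks plaintext first, use STARTTLS here"
    if client_mode == "starttls" and kind in ("silent", "tls-record"):
        return "mismatch: listener expects a TLS handshake first, use SSL/TLS here"
    return "ok"

def read_first_bytes(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Connect and return what the server sends unprompted (b'' on timeout)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256)
        except socket.timeout:
            return b""

if __name__ == "__main__":
    print(diagnose("implicit-tls", SAMPLE_IMAP_GREETING))
    print(diagnose("starttls", SAMPLE_IMAP_GREETING))
```

Against a live server you administer, pass the result of `read_first_bytes(host, port)` to `diagnose` with the mode the mail client is configured for.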
