Thunderbird-Hilfeforum

Gmail is going to require OAuth 2.0 sign-in SFAIK, that means I will no longer be able to access gmail with Thunderbird. Are there plans for Thunderbird to meet the OAuth 2.0 requirement?

I have been using Thunderbird for several years for my GMail accounts, and have always preferred to download my messages using the POP and SMTP protocols, rather than use the IMAP protocol which leaves them all on the web. Google now inform me that "To help keep your account secure, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Instead, you’ll need to sign in using Sign in with Google or other more secure technologies, like OAuth 2.0. What do you need to do? Email software, like Outlook 2016 or earlier, has less secure access to your Gmail. Switch to Office 365, Outlook 2019 or newer, or any other email software where you can sign in using Sign in with Google." These changes are due to take effect from May 30th. How can I prepare for them and still use the POP and SMTP protocols after that date? Is OAuth 2.0 appropriate?

I have just received this message from Google / Gmail:

"Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Instead, you’ll need to sign in using Sign in with Google or other more secure technologies, like OAuth 2.0"

I currently use an older version of MS Outlook that apparently won't work after these changes are introduced.

My question is - will Thunderbird work with Gmail after the 30th May deadline? Is it compatible with 'Sign in with Google'?

Thank you for your help.

Mike

Hi, My institution has stopped allowing mail to be sent via Thunderbird using OAuth2 because of security concerns. They write:

"While Thunderbird uses Oauth2, it doesn't use/support it fully for sending mail. As such you can authenticate with oauth2 and download/receive mail on Thunderbird, but you can't send mail. Despite saying Outgoing mail uses oAuth2, Thunderbird still requires SMTP to be turned on to use it. This negates the security benefit from the decision to end legacy authentication, and is the change we are not able to do from the new policy. If Thunderbird were to fully support/use oauth2 for sending and receiving it should work. However, while thunderbird - or other mail clients - require SMTP in order to send mail, they will not be able to properly send mail."

Does / will Thunderbird address this and update? Is there an existing solution or explanation?

I used to be able to send emails using Thunderbird to Office365 using SMTP, but it is no longer working, although I'm still receiving emails.

Getting the following error: Login to server smtp.office365.com with username ***@*** failed

Settings Server: smtp.office365.com Port: 587 Encryption: STARTTLS

The problem occurs with Windows and also Mac OS (I installed Thunderbird to help troubleshoot).

I'm using Office 365 Family, so there is no option to manage the users, as there is in the business version, and which has been suggested by others with the same problem.

It's unclear to me if the problem lies with Thunderbird or Microsoft (I suspect the latter). Any advice would be very welcome.

I am trying to get S/MIME set up properly. I have my personal certificate set up and installed - I can send signed messages. However, when I try to send an ecrypted message to a recipent with a DOD certificate, I run into an error that the certificate is not valid. I have installed the DOD root certificates, trusted them for email/websites, and imported the individual's signature cert into the store.

How do I change the settings / trust on the individual's certificate to trust it? It is within the valid date range.

Hello, I received a Yubikey 5 and all is working fine using GPG with it, except integration with Thunderbird on Windows.

I followed this guide: https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards including 64 windows section

I was able to successfully send mail to myself, but then thunderbird failed at decrypting this message: Thunderbird is indicating that key is not available and I see no prompt from gpg-agent. Key is correctly declared as GPG external.

If I try to decrypt tis email by storing it on file and using gpg in command line, it works fine: agent is asking for Yubikey PIN and gpg is decrypting the message. But this is an awful workaround, not user friendly at all.

I also did sanity check by sending to myself a message encrypted with a key generated by Thunderbird: all is working fine, the message is decrypted within Thunderbird.

=> How do you make Thunderbird decrypt message encrypted with key stored in Yubikey? How do you make the gpg-agent called by thunderbird?

When I enter my SMS code as part of SSL/TLS security OAuth2 authentication method (see my account5 below) I get the following: __________________________________________________ Need admin approval Thunderbird www.thunderbird.net

Thunderbird needs permission to access resources in your organisation that only an admin can grant. Please ask an admin to grant permission to this app before you can use it. Have an admin account? Sign in with that account Return to the application without granting consent __________________________________________________

I don't know what app is being refered to in the above message but I am the administrator of my account and have given full permissions for Thunderbird to cross Windows Firewall etc. etc.

Since this problem started this morning I get the busy rotating symbol when accessing my account5 mail directories and their contents do not appear to be updating.

Some of the copious troubleshooting information provided from Thunderbire Help follows: ____________________________________________________

 Application Basics

   Name: Thunderbird
   Version: 91.4.1
   Build ID: 20211216022855
   Distribution ID:

   Update Channel: release
   User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.4.1
   OS: Windows_NT 6.1 7601

   Launcher Process: Enabled
   Multiprocess Windows: 0/0
   Fission Windows: 0/0
             Disabled by default
   Remote Processes: 4
   Enterprise Policies: Inactive
   Google Location Service Key: Missing
   Google Safebrowsing Key: Missing
   Mozilla Location Service Key: Missing
   Safe Mode: false

 Mail and News Accounts
   account1:
     INCOMING: account1, , (imap) outlook.office365.com:993, SSL, 3
     OUTGOING: , smtp.office365.com:587, 2, 3, true

   account2:
     INCOMING: account2, , (none) Local Folders, 0, 3

   account5:
     INCOMING: account5, , (imap) outlook.office365.com:993, SSL, 10
     OUTGOING: , smtp.office365.com:587, 2, 10, true

 Crash Reports for the Last 3 Days

 Remote Processes

   Type: Count

     Web Content: 3 / 8
     Extension: 1

 Security Software

   Type: Name

     Antivirus:
     Antispyware:
     Firewall:

 Environment Variables

   MOZ_CRASHREPORTER_DATA_DIRECTORY: C:\Users\re\AppData\Roaming\Thunderbird\Crash Reports
   MOZ_CRASHREPORTER_EVENTS_DIRECTORY: C:\Users\re\AppData\Roaming\Thunderbird\Profiles\fwghi177.IETimport\crashes\events
   MOZ_CRASHREPORTER_PING_DIRECTORY: C:\Users\re\AppData\Roaming\Thunderbird\Pending Pings
   MOZ_CRASHREPORTER_RESTART_ARG_0: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
   MOZ_CRASHREPORTER_STRINGS_OVERRIDE: C:\Program Files (x86)\Mozilla Thunderbird\crashreporter-override.ini
   MOZ_LAUNCHER_PROCESS: 1

 Important Modified Preferences

   accessibility.typeaheadfind.flashBar: 0
   browser.cache.disk.amount_written: 849303
   browser.cache.disk.capacity: 1048576
   browser.cache.disk.filesystem_reported: 1
   browser.search.region: AU
   extensions.lastAppVersion: 91.4.1
   font.internaluseonly.changed: true
   font.name.monospace.el: Consolas
   font.name.monospace.x-cyrillic: Consolas
   font.name.monospace.x-unicode: Consolas
   font.name.monospace.x-western: Consolas
   font.name.sans-serif.el: Calibri
   font.name.sans-serif.x-cyrillic: Calibri
   font.name.sans-serif.x-unicode: Calibri
   font.name.sans-serif.x-western: Times New Roman
   font.name.serif.el: Cambria
   font.name.serif.x-cyrillic: Cambria
   font.name.serif.x-unicode: Cambria
   font.name.serif.x-western: Cambria
   font.size.monospace.el: 14
   font.size.monospace.x-cyrillic: 14
   font.size.monospace.x-unicode: 14
   font.size.monospace.x-western: 14
   font.size.variable.el: 17
   font.size.variable.x-cyrillic: 17
   font.size.variable.x-unicode: 17
   gfx.crash-guard.d3d11layers.appVersion: 91.4.1
   gfx.crash-guard.d3d11layers.deviceID: 0x0659
   gfx.crash-guard.d3d11layers.driverVersion: 8.17.12.7628
   gfx.crash-guard.d3d11layers.feature-d2d: true
   gfx.crash-guard.d3d11layers.feature-d3d11: true
   gfx.crash-guard.d3d9video.appVersion: 78.14.0
   gfx.crash-guard.d3d9video.deviceID: 0x0659
   gfx.crash-guard.d3d9video.driverVersion: 8.17.12.7628
   gfx.crash-guard.status.d3d11layers: 2
   gfx.crash-guard.status.d3d9video: 2
   gfx.crash-guard.status.wmfvpxvideo: 2
   gfx.crash-guard.wmfvpxvideo.appVersion: 78.14.0
   gfx.crash-guard.wmfvpxvideo.deviceID: 0x0659
   gfx.crash-guard.wmfvpxvideo.driverVersion: 8.17.12.7628
   idle.lastDailyNotification: 1641365785
   layers.mlgpu.sanity-test-failed: false
   media.gmp.storage.version.observed: 1
   media.hardware-video-decoding.failed: false
   network.predictor.cleaned-up: true
   network.trr.blocklist_cleanup_done: true
   places.database.lastMaintenance: 1641185870
   places.history.expiration.transient_current_max_pages: 112348
   privacy.purge_trackers.date_in_cookie_database: 0
   security.disable_button.openCertManager: false
   security.disable_button.openDeviceManager: false
   security.remote_settings.crlite_filters.checked: 1635390021
   security.remote_settings.intermediates.checked: 1635390021
   security.sandbox.content.tempDirSuffix: {bfda8a1a-634b-4d7e-8fe6-b8b6bfbd896c}
   security.sandbox.plugin.tempDirSuffix: {65f21b5f-d21c-40f9-9190-e19dcdf55ea8}
   signon.importedFromSqlite: true
   storage.vacuum.last.index: 1
   storage.vacuum.last.places.sqlite: 1641272744

 Important Locked Preferences

 fission.autostart.session: false

 Places Database

 Accessibility

   Activated: false
   Prevent Accessibility: 0
   Accessible Handler Used: true
   Accessibility Instantiator:

 Library Versions

     Expected minimum version
     Version in use

     NSPR
     4.32
     4.32

     NSS
     3.68.2
     3.68.2

     NSSSMIME
     3.68.2
     3.68.2

     NSSSSL
     3.68.2
     3.68.2

     NSSUTIL
     3.68.2
     3.68.2

 Sandbox

   Content Process Sandbox Level: 0
   Effective Content Process Sandbox Level: 1
   Win32k Lockdown State for Content Process: Win32k Lockdown disabled -- Operating system not supported

 Startup Cache

   Disk Cache Path: C:\Users\re\AppData\Local\Thunderbird\Profiles\fwghi177.IETimport\startupCache\startupCache.8.little
   Ignore Disk Cache: false
   Found Disk Cache on Init: false
   Wrote to Disk Cache: true

 Internationalisation & Localisation

     Application Settings
     Requested Locales: ["en-GB","fr"]
     Available Locales: ["en-GB","en-US","fr"]
     App Locales: ["en-GB","en-US","fr"]
     Regional Preferences: ["en-AU"]
     Default Locale: "en-GB"

     Operating System
     System Locales: ["en-US"]
     Regional Preferences: ["en-AU"]

 Remote Debugging (Chromium Protocol)

   Accepting Connections: false
   URL:

I received the following from my e-mail provider, and as a total dumbo about this, want to ask if I need to do anything about this in Thunderbird (Linux). As far as I can see, my e-mail account in Thunderbird is set to POP3, encrypted using SSL/TLs, normal password - can anyone tell me if this is OK - Thanks.

Quote: "We are contacting you because one or more of your devices or programs uses the TLS 1.0 and/or TLS 1.1 encryption protocols to connect to our mail.com email servers, or is using an unencrypted connection. This involves either access via SMTP (sending emails) or retrieval via POP3/IMAP (receiving emails).

Unfortunately, the TLS 1.0 and TLS 1.1 encryption protocols are outdated and no longer meet current security standards. To protect your email communications, soon we will no longer allow access to our mail.com servers with these outdated protocols. Unencrypted access will also no longer be possible.

After the protocols have been deactivated, the transfer of emails between your affected device or program and our mail.com servers will no longer work; i.e. no emails will be transmitted to or from your mail.com email account using TLS 1.0 and TLS 1.1. Furthermore, unencrypted SMTP/IMAP/POP3 connections will no longer function. In other words, as of Oct. 5, 2022, it will only be possible to connect if TLS 1.2 or TLS 1.3 encryption is in place." Unquote

Running Windows 11, Thunderbird version 91.6.2(64 bit), NordVPN Prior to installing NordVPN all the gmail accounts worked fine. Since installing the vpn I get an email message from Google, for each of my gmail accounts, saying my account has been locked or blocked due to suspicious activity. The messages goes on to say someone tried to sign into my email account, using my password, from Phoenix, AZ (I live in Texas) with the date, time, etc. Since I won't give Google my cell phone number, I had to set up something like a recovery email address, other than gmail, for each gmail accounts. Every time I open the vpn I get these messages in 6 different email accounts and I have to disconnect the vpn and then open the messages in each account and click on "Yes it was me". I'm not sure what the time frame is but if I don't respond "Yes it was me" within the time frame I have to change the passwords on all my Gmail accounts. As a side note I have other mail accounts with @verizon.net and I never have this problem with the @verizon.net accounts. What I have been doing is closing Thunderbird before I open the vpn, but it's a pain, and I'm hoping there is a better solution. I'm attaching a screen shot of my Gmail account setting in hopes it's just a setting that needs to be tweaked.

It would be great if Mozilla Support would stop archiving the old threads on the OAuth2 issues.

Every 2 years or so something happens and I have to reconfigure Thunderbird to accept my gmail account. Every single time, there are problems with OAuth2.

The credentials pop-up window will not allow me to enter a password. It just keeps refreshing to the login prompt - 'Email address or Phone'. I type in the e-mail address; it refreshes to 'Email address or Phone'.

I have checked TB updates - all updated. I deleted the account, deleted all saved e-mail logins and passwords in Thunderbird, and in my browser, and tried to add the account again to Thunderbird. The credentials window won't let me get to the password fill in. And even if get there, am I still going to have problems with OAuth2?

I have tried to do the reset as described (I entered chrome://pippki/content/resetpassword.xhtml in Firefox) and got to the dialog with the reset option and selected it and got message that password had been reset. However, I still cannot get into Thunderbird without entering the Primary Password. How do I actually reset the password so that I can get into Thunderbird?

I've been using an older version of Thunderbird for years without issue to sign into my POP3 optimum online mail server. I recently "updated" so I could get the "Remove Duplicate Emails" plugin working.

I now have the issue I've seen mentioned here numerous times: I can no longer save my password. I have to manually input it every time I open Thunderbird. If I enter my password and sign in, my mail works fine.

If I check the box to remember my password, it no longer connects to the server. Instead it attempts to connect for a few minutes, then gives me a "mail server timed out" error.

My saved passwords list is completely blank. There is only one profile folder in the Thunderbird profiles directory.

I have tried deleting/renaming the following files in the profile folder: - key3.db (does not reappear after new version, probably legacy) - key4.db - cert9.db - signons.sqlite (has also not reappeared after removing)

I have seen it also advised to delete/rename the following files, but they do not exist in my local profile folder: - pkcs11.txt - logins.json

I am not using CC cleaner or any other programs to scrub passwords.

I have had trouble getting mail on one (and only one) of my computers. When trying to send today, I received an error message in TB that I needed to change my password. I looked for a way to do this, but found none. I did, under preferences, look at stored passwords on the machine which is unable to send. Only an authentication password for Oath (Yahoo), remains, but the password to log in to my email account for both sending and receiving is gone. Both exist on my other machine. How do I re-enter my password for this account?

This is my first post. But I have been reading and benefiting from all the expertise I have found here for many years! Thanks to all!

Trying to plan ahead for the Gmail OAUTH2 change, I upgraded to Tbird 91.9.0.

My Account Settings all transferred to the new version. I do have multi Gmail accounts, as well as other email accounts, but from other posts here, this should matter.

While I am a long term Tbird user, I am a newbie with OAUTH2. I can't seem to connect. So I am writing here for help!

My setup: - Dell notebook running W10 - internet connection strong - am using a Netgear Nighthawk Hotspot Router, which works great with

    everything else, so I really doubt that is an issue

- testing without a firewall; running McAfee - resetting Tbird account back to "Normal Password", then Gmail connects

Incoming Server set to IMAP: imap.gmail.com:993 w SSL/TLS and OAuth2 Outgoing: smtp.gmail.com:465 w SSL/TLS and OAuth2

I have been consistently testing with the same gmail account: - YES, I know my password; it works with both the Gmail web interface,

   or after going back to "Normal Password" instead of OAUTH2

- allow any Alert emails via Gmail Web Interface, repeatedly. - Ran Captcha ... many times! In case someone else reading here needs this, it is here: https://accounts.google.com/b/0/DisplayUnlockCaptcha and you must be logged into the Gmail Web Interface when running this. I have learned to take a pause after running this, for it do its thing.

If Toad-Hall is reading this, I found your list of steps here very helpful: https://support.mozilla.org/en-US/questions/1375558 Worth repeating for others who are struggling, like me.

As recommended here: https://support.mozilla.org/en-US/questions/1373706 Cookies: all cleared Remembered Passwords: all cleared

Also looked at this: https://support.mozilla.org/en-US/questions/1375702 Originally, my cookies WERE blocked. I did need to change my Web Content as recommended in this post:

   Selected: Remember web sites and links I've visited
   Selected: Accept cookies from sites
   Accept third-party cookies: Always
   Keep until : they expire
   Not selected: 'Send web sites 'Do not track'..... 

Also: In Privacy and Security -> Web content -> Exceptions, added: https://accounts.google.com set to 'Allow' and Saved Changes. Then exit Tbird, took a short pause, started Tbird again, per the advice to properly update the files.

Should I be doing BOTH of these? This post shows options: https://support.mozilla.org/en-US/kb/automatic-conversion-google-mail-accounts-oauth20 So if I Select to accept cookies, should I also set the Exception??? I have tested various combinations of these settings, but not seeing a cookie.

In Tbird, when testing to connect, I see:

"Sign in with your Google Account" Enter my account password (I see an error msg here when I typo the password, no error when entered correctly) Also, have checked "Stay Signed In" while trying to Authorize, as recommended. then click Allow on the second screen.

After a few seconds, keep seeing popup in lower right corner of screen: "Authentication failure while connecting to server imap.gmail.com" Sometimes, this msg does not popup, which seems odd to me, but it still fails: Cookies: still empty Password: still empty

I keep updating and reading and updating the setups and testing again, but no cookies for me!

I admit I have gotten off track, testing and reading posts:

Thought my problem might involve Certificates for a while, but now do not think OAUTH2 is using Certificates. Right?

Thought for a bit it might be Javascript disabled, but I am NOT seeing the popup window that shows this error, from this post: https://support.mozilla.org/en-US/questions/1373379 refers to: https://support.mozilla.org/en-US/questions/1286410 Did find my way to Config editor: https://support.mozilla.org/en-US/questions/1349136 Followed this advice: "Click the 3-bar menu icon, Preferences, and find Config. editor at the bottom of the General section. Or, type editor in the search box at the top of Preferences." Then searched for "Javascript" and found most of settings were true, like javascript.enabled is "true". Should everything that a search for javascript finds be set to true? Since I do not see the error msg, I believe this is not my problem.

Stans posted another helpful summary here: https://support.mozilla.org/en-US/questions/1375538 "After you've changed your accounts to OAuth2, delete all records of your Google Account passwords from Thunderbird's password vault (Saved Passwords). With OAuth2, your passwords are not stored by Tbird. Instead, an OAuth2 token (a long string of meaningless characters) is stored in the password field. That's what you should see after completing the OAuth2 process for each of your accounts. You have to do it twice, once for incoming and once for outgoing server. Also, you must allow cookies in Thunderbird's Preferences, otherwise it won't work."

If I am following this correctly, after testing to try and authenticate, I should see a Cookie and a Saved Password being created but they are not.

Think this is my problem!

In Gmail web interface, I am not sure of some settings:

In Manage Your Google Account -> Security:

1. Should Sign-in 2-step verification be on/off? (its off) 2. Third Party apps w access shows Tbird (think this is new, don't recall it before) 3. Allow Less Secure App: turn off (was On for normal pswd; either way fails w OAUTH2) (think I have tested all combinations of the above, with no success) I welcome suggestions on how I should set these to connect with OAUTH2.

I feel like I am getting close here, but I am stuck. Is there anything else, maybe something I have not heard about, like Captcha, that I should try?

Have I missed a setting somewhere? Suggestions???

Meadowlark13

I am using the latest Thunderbird 91.2.1 under Windows 10.

Passwords are not being saved even when I click to save with password manager.

Older posts suggest deleting:

  \Users\userid\AppData\Roaming\Thunderbird\Profiles\defaultProfile\pkcs11.txt
  

but this file is not present in the latest version.

An earlier version of Thunderbird was uninstalled before the latest version was downloaded and installed.

Hello,

This morning when I opened Thunderbird it wouldn't accept my master/primary password. I've used the same one for years, so I know I've not forgotten it. Plus it worked yesterday!

Only thing that seems to have changed is the update to Thunderbird 91.

Any tips would be greatly appreciated.

Upgraded from a very old Eudora environment in 2 steps to TB 91.1. Windows 10. All works fine, but the passwordmanager will not save my email-password during normal operation, though the 'save pw' checkbox is there. It's a clean installation, no add-ons. If I start TB in safe (troubleshoot-) mode, all works fine. I don't seem to be able to find out the reason of this change in behaviour, would be happy with any suggestions.