Thunderbird Community Forum

I successfully imported the self-signed CA certificate into thunderbird. Then I tried to import the p12 S/MIME client certificate and this error message popped up (cf. screenshot below).

However, I checked the client certificate and it seems fine:

1. openssl pkcs12 -in smime-client-certificate.p12 -info -noout

Enter Import Password: MAC: sha256, Iteration 2048 MAC length: 32, salt length: 8 PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256 Certificate bag PKCS7 Data Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256

1. pk12util -l smime-client-certificate.p12

Enter password for PKCS12 file: Certificate(has private key):

   Data:
       Version: 3 (0x2)
       Serial Number: 1 (0x1)
       Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
       Issuer: "..."
       Validity:
           Not Before: Thu Feb 19 13:32:18 2026
           Not After : Sun Feb 17 13:32:18 2036
       Subject: "E=user@example.com,CN=user@example.com,
           O=example.com,ST=...,C=..."
       Subject Public Key Info:
           Public Key Algorithm: X9.62 elliptic edwards curve public key
       unknown SPKI algorithm type
       Raw:
           69:58:ee:5d:45:3f:10:d9:bb:8c:a3:b6:a5:c6:16:a6:
           53:78:65:77:73:5d:e0:6f:60:df:2c:32:f3:c2:e2:58
       Signed Extensions:
           Name: Certificate Basic Constraints
           Data: Is not a CA.

           Name: Certificate Key Usage
           Usages: Digital Signature
                   Non-Repudiation
                   Key Encipherment

           Name: Extended Key Usage
               E-Mail Protection Certificate

           Name: Certificate Subject Key ID
           Data:
               99:8a:6d:e4:ec:3a:25:5d:ad:26:a0:36:e1:da:a2:ea:
               bc:88:79:50

           Name: Certificate Authority Key Identifier
           Key ID:
               f5:6c:37:9a:37:d1:81:43:d3:54:3f:b9:33:23:85:c1:
               7e:17:73:88

           Name: Certificate Subject Alt Name
           RFC822 Name: "user@example.com"

   Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
   Signature:
       44:3a:5e:d7:44:51:f1:3c:a3:80:d8:54:f4:9c:d8:0b:
       ...
   Fingerprint (SHA-256):
       88:95:7A:DF:A5:7C:D1:E8:A5:55:A8:18:BD:BD:7D:92:1F:7D:6E:17:26:68:39:84:26:F3:F6:F3:4A:5C:56:90
   Fingerprint (SHA1):
       72:83:D0:13:C9:C9:AD:46:CA:C3:73:66:9E:79:5B:5C:3B:2E:81:47

Key(shrouded):

   Encryption algorithm: PKCS #5 Password Based Encryption v2 
       Encryption:
           KDF: PKCS #5 Password Based Key Derive Function v2 
               Parameters:
                   Salt:
                       dc:f9:bf:4a:80:e1:7c:4a:b4:f5:52:6b:9b:d5:75:ad
                   Iteration Count: 2048 (0x800)
                   KDF algorithm: HMAC SHA-256
           Cipher: AES-256-CBC
               Args:
                   04:10:0d:a4:96:03:00:2a:d5:a6:fe:d3:6c:a5:d0:12:
                   67:b3

What is going on and how to troubleshoot this issue as there is no logging about this matter into /var/log/syslog?

Environment: - Ubuntu 25.10 - thunderbird 2:1snap1-0ubuntu3

Scary behavior of 'Local Folders': I'm moving an IMAP account from one server to an other. I copy all emails from old server IMAP account to a place described as "Local Folders". I then delete the account connected to the old server. WTF: the the local folders to which I copied the messages are now GONE. My plan was to recreate the account to the new server, then copy messages from LocalFolders to IMAP. But the LocalFolders got deleted along with the IMAP account. This I was doing in a separate profile from my own, as it's for a friend I'm helping with a hosting move.

In my own profile: For more than a decade, I have been maintaining the size of my mailboxes, by moving older messages to LocalFolders. As it happens, for these, I did indeed direct the folder to a separate drive, which also gets backed up offsite. My concern is that 'Local Folders' are portrayed as being INDEPENDENT of IMAP accounts. This is VERY POOR design, to allow a user to delete data they thought was safely stored locally while they recreate a moved or misbehaving account. I have dozens of Local Folders. Five years ago, I abandoned an entire domain name and it's email accounts. I know I still have those emails in my local folders despite having deleted the IMAP accounts from my profile. I fear that the current version, by default, might not be so respectful of my data. Can someone please explain? Where are the links that TIE an IMAP account to Local Folders, and how do I sever that link?

In my case, the source account still exists. I can repeat my steps, but for some other unfortunate users, this may not be the case.

Thunderbird Version 140.7.1esr, Build ID 20260123195141 User Agent Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 OS Linux 6.1.0-33-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.133-1 (2025-04-10) OS Theme Xfce / Adwaita Application Binary /usr/lib/thunderbird/thunderbird-bin

Having a problem with an ATT POP account. TB stopped getting mail. After a minute and a half or so (wish it would time-out faster), I get a pop-up box in the top right of the screen that states: "Connection to server inbound.att.net timed out" and then quickly goes away.

Deleted passwords and cannot see where to create them again, as it never prompts me for new ones.

Thanks.

I would kindly ask for adding support for PGP/inline for Thunderbird on desktop. I am aware that there is a valid argument against PGP/inline and a workaround for using it regardless [1]. However, there are also some use cases, which apparently led to it being implemented for Android [2]. My use case are PGP/inline signatures for (unencrypted) newsgroup posts. In this context, the advantages of MIME are less pronounced and some disadvantages show. PGP is less supported by newsreaders, which in the worst case leads to illegible messages in the case of MIME. In some groups, multipart messages are prohibited by the charter. Similarly, for discussion based groups, attachments are seldom (or prohibited) and messages often monolithic, thus ensuring integrity even with PGP/inline. Also, privacy (unencrypted metadata) is not really a concern on a public message board. While PGP/MIME is a good default, newsgroups are an example where it would be desirable to have an option to switch to PGP/inline on a message-by-message basis or even as an account default. There are already PGP specific options in both, the account settings and the message settings. Extending that by another checkbox seems like a good solution to me.

[1] https://support.mozilla.org/en-US/questions/1446050 [2] https://github.com/thunderbird/thunderbird-android/issues/1974

I use Linux Cinnamon Mint on two Dell desktops - they are set up identically and perform in the same way with one exception. Both appear to be the same version of Thunderbird and have identical settings but on one computer the appearance of the typeface (in for example a listing of emails) is less clear /sharp than on the other.

When I say they are the same version - they both say 140.7.1esr (64-bit) but after that on one computer it says "Thunderbird for Linux Mint -mint-001 - 1.0". This qualification appears on the computer where the typeface is less clear but not on the other.

I should add that the issue seems to relate solely to Thunderbird - it does not present when looking at (say) websites on Firefox.

Being of a certain age clarity is important and I just wonder if I am missing something? Thanks for any help.

There are emails after the blanks and I am not sure if any are missing. Also some blank email have been marked as favorite. Even after setting the body display to plain text it is blank. And the metadata containt

I have got two e-mail by Thunderbird : X@orange => OK but X@kohinos.net NO connection Thunderbird said : connection time exceeded'. What to do?

(PII removed by moderator)