X
Tap here to go to the mobile version of the site.

Support Forum

Thunderbird update 38.1.0 does not allow SMTP authentication (at least for me)

Posted

Not so much a question, but an observation for other users. Having been running Thunderbird for years. Great program. Updated to 38.1.0 this morning after prompting and my ability to send e-mail was immediately compromised (ability to receive was not affected). Tried a few tweaks (plus turned off firewall, etc.) to no avail and had to reinstall 31.7 to get functionality back. I'll need to turn auto update off as the program is now trying to update itself again, but thought I'd throw this out there in case anyone else ran into an issue.

Not so much a question, but an observation for other users. Having been running Thunderbird for years. Great program. Updated to 38.1.0 this morning after prompting and my ability to send e-mail was immediately compromised (ability to receive was not affected). Tried a few tweaks (plus turned off firewall, etc.) to no avail and had to reinstall 31.7 to get functionality back. I'll need to turn auto update off as the program is now trying to update itself again, but thought I'd throw this out there in case anyone else ran into an issue.

Chosen solution

Christ1 tells me off line that he believes thatthis add-on, installed in Thunderbird may offer a working connection until your get to the rest. At this point is it all surmise on our part largely based on the Bug report. But if you would not mind being the guinea pig. Please install it and let us know how it goes.

Read this answer in context 1

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Windows NT 5.1; rv:39.0) Gecko/20100101 Firefox/39.0

More Information

Matt
  • Top 10 Contributor
  • Moderator
3190 solutions 21787 answers

@dmeszler

Set it solved, we have fix your issue. shayhurs must have missed the bit about posting their own question.

@shayhurs

If the above information does not resolve your issue, please consider creating a new thread containing the specific details of your issue.

Doing so will allow the Mozilla volunteers to give you solutions that are more helpful to you.

Please add the troubleshooting information to your initial question; To find the Troubleshooting information:

  • Open Help (or click on three-line-icon and select Help)
  • Choose Troubleshooting Information
  • Use the button Copy to clipboard to select all. Do not check box "Include account names"!
  • Paste this in your post.

Please also add the result of these troubleshooting steps to your post

  • Does Thunderbird work in TB Safe mode (see Thunderbird Safe Mode)?
  • Do you use anti-virus and firewall software? What is the version?
  • Who is the email provider?
  • Who is the internet provider?
  • What is the exact error message?
  • What steps did you take right before this happened?

Please, feel free to post the link to your thread on this thread for volunteers interested in assisting you.

Thank you.

==@dmeszler== Set it solved, we have fix your issue. shayhurs must have missed the bit about posting their own question. ==@shayhurs== If the above information does not resolve your issue, please consider creating a new thread containing the specific details of your issue. Doing so will allow the Mozilla volunteers to give you solutions that are more helpful to you. Please add the troubleshooting information to your initial question; To find the Troubleshooting information: * Open Help (or click on three-line-icon and select Help) * Choose Troubleshooting Information * Use the button Copy to clipboard to select all. Do not check box "Include account names"! * Paste this in your post. Please also add the result of these troubleshooting steps to your post *Does Thunderbird work in TB Safe mode (see [http://mzl.la/1k5DWjq Thunderbird Safe Mode])? *Do you use anti-virus and firewall software? What is the version? *Who is the email provider? *Who is the internet provider? *What is the exact error message? *What steps did you take right before this happened? Please, feel free to post the link to your thread on this thread for volunteers interested in assisting you. Thank you.

Modified by Matt

dcalarcon 0 solutions 3 answers

Helpful Reply

Temporal Solution:

Preferences -> Advanced -> General -> Configuration Editor ...

Promise you will be careful! ...

Look for ssl3 at the search bar....

security.ssl3.dhe_rsa_aes_128_sha must be switched from true to false security.ssl3.dhe_rsa_aes_256_sha must be switched from true to false

Restart the application and IT WORKS!!!

Temporal Solution: Preferences -> Advanced -> General -> Configuration Editor ... Promise you will be careful! ... Look for ssl3 at the search bar.... '''security.ssl3.dhe_rsa_aes_128_sha''' must be switched from true to false '''security.ssl3.dhe_rsa_aes_256_sha''' must be switched from true to false Restart the application and IT WORKS!!!

Question owner

First, thanks to everyone who helped out with this. The temp fixes worked just fine, but I finally got around to really fixing my setup and in case it helps anyone else, here's what was required (and also what was not):

1. I regenerated a new SSL key and (self signed) certificate using SHA-2 protocols. Generally, I used a script set up by my server host, but I had to modify the openssl commands as per this link (https://impl.gfipm.net/wiki/Generating_Certificates_with_OpenSSL). The host was of no help here, but it was pretty straight forward after I convinced myself that I wasn't going to blow my server up when I executed the revised script. New key and cert were generated without problem ... SHA-1 errors disappeared from the TB error log ... BUT, this did NOT SOLVE the DH issues. The DH errors remained and I could not send mail with the workaround (add-on) disabled.

1a. I should also note that I ran into problems with my new certificate having the same serial number as my old certificate. It turns out the serial number was hardcoded into the hosting company's script. Once I eliminated that code and let openssl generate the serial number randomly (i.e., I eliminated the "-set serial" instruction from the create key/certificate command line), the problem went away. Nothing is straight forward!

2. To eliminate the DH issue, I had to actually create explicit DH parameters as per this link (https://weakdh.org/sysadmin.html), under the heading near the top "Generating a Unique DH Group." The SSL setup script used by my server host had no provisions for DH, so I guess the server was running whatever the default configuration was. Thus, I needed to run this command on my server (I created a one line script for future use) and pointed the appropriate mail configuration file to the generated parameter file as per the instructions in the previous (or equivalent) link. I actually have a sendmail system, so the command I added to my sendmail.mc file was:

define(`confDH_PARAMETERS',`/etc/pki/tls/certs/dhparams.pem')

the path is particular to my server, so yours may be different. I used putty.exe to interact with my server via ssh. Once I did this and restarted my mail server, I was able to send mail with the workaround disabled.

Bottom line ... royal pain ... but it feels good to work through all this. You guys who live and breathe this stuff will probably laugh at the naiveté of all this, but some of us are learning on the fly, so thanks for all your help and suggestions. Hopefully these enhancements won't come along too often. Best of luck to everyone else stuck in this rut.

First, thanks to everyone who helped out with this. The temp fixes worked just fine, but I finally got around to really fixing my setup and in case it helps anyone else, here's what was required (and also what was not): 1. I regenerated a new SSL key and (self signed) certificate using SHA-2 protocols. Generally, I used a script set up by my server host, but I had to modify the openssl commands as per this link (https://impl.gfipm.net/wiki/Generating_Certificates_with_OpenSSL). The host was of no help here, but it was pretty straight forward after I convinced myself that I wasn't going to blow my server up when I executed the revised script. New key and cert were generated without problem ... SHA-1 errors disappeared from the TB error log ... BUT, this did NOT SOLVE the DH issues. The DH errors remained and I could not send mail with the workaround (add-on) disabled. 1a. I should also note that I ran into problems with my new certificate having the same serial number as my old certificate. It turns out the serial number was hardcoded into the hosting company's script. Once I eliminated that code and let openssl generate the serial number randomly (i.e., I eliminated the "-set serial" instruction from the create key/certificate command line), the problem went away. Nothing is straight forward! 2. To eliminate the DH issue, I had to actually create explicit DH parameters as per this link (https://weakdh.org/sysadmin.html), under the heading near the top "Generating a Unique DH Group." The SSL setup script used by my server host had no provisions for DH, so I guess the server was running whatever the default configuration was. Thus, I needed to run this command on my server (I created a one line script for future use) and pointed the appropriate mail configuration file to the generated parameter file as per the instructions in the previous (or equivalent) link. I actually have a sendmail system, so the command I added to my sendmail.mc file was: define(`confDH_PARAMETERS',`/etc/pki/tls/certs/dhparams.pem') the path is particular to my server, so yours may be different. I used putty.exe to interact with my server via ssh. Once I did this and restarted my mail server, I was able to send mail with the workaround disabled. Bottom line ... royal pain ... but it feels good to work through all this. You guys who live and breathe this stuff will probably laugh at the naiveté of all this, but some of us are learning on the fly, so thanks for all your help and suggestions. Hopefully these enhancements won't come along too often. Best of luck to everyone else stuck in this rut.
Wayne Mery
  • Top 25 Contributor
  • Moderator
571 solutions 5326 answers

Note: I'm sure we could use the talents of someone with FORTRAN skill in Thunderbird-land :)

Note: I'm sure we could use the talents of someone with FORTRAN skill in Thunderbird-land :)