I keep getting asked to add security exception. This Qu was asked in Jan - no solution???
cobraflex asked this question back in January and I don't see where anyone answered it. I have had this problem all year also - it's a REAL PAIN IN THE BUTT and I (like cobraflex) am looking for another client. The only thing that is keeping me is that my calendar is on TB.
cobraflex's thread describes the problem exactly. I am using WinXP sp3, TB is up to date. My ISP is shaw.ca Cable with a Cisco portal. My computer is a wired connection to a cisco (linksys) router using DD-WRT. No other problems!
Following is cobraflex' post......
"im constantly getting asked, sometimes several times a minute, to "confirm security exception". I always make sure "permanently store this excpetion", before clicking "confirm security exception", but it doesnt seem to work, as a few minutes later I'll get exactly the same pop up again, for all my email accounts.
Ive been using thunderbird for years, and usually this only happens, just the once, after ive turned my anti-virus off and on again. But this time it has started happening on its own, and has been relentlessly harrasing me. Sometimes the pop up will appear while im in the middle of typing a mail and cut me in my stride, so the program is almost impossible to use now.
Do you know why this might be happening? "
Chosen solution
Okay, my 2nd pet peeve? It is absolutely amazing how people do not understand that DATA is absolutely useless if it is not accompanied by a DATE!! People NEVER delete data from their databases so you can't tell if it is 6 months or 6 years old!!!
Not quite the case here - your last post was close enough that when I called Shaw we were able to sort it out.
They don't specify incoming security - it defaults to whatever we set up under "Outgoing Server".
So it looks more like this....
Incoming Server: pop.shaw.ca Server Type: POP Mail Server (can't change this) Security Type: none Authentication: Normal Password (or Password, transited insecurely) Port: 110
Outgoing Mail Server with Authentication
SMTP Server
Description: Shaw Server Name: mail.shaw.ca Connection Security: STARTTLS Port: 587 Authentication: Normal Password Remote Access: We don't have access to this setting but worth checking maybe - S/B Enabled
OH! AND you need to make sure that his is the DEFAULT server!
This seems to be working so far. I will return if it re-occurs (like to keep the thread complete for others).
Thanks for all your help - REALLY appreciate your persistence, I can now return to being a happy Mozilla user!
Thanks again,
Read this answer in context 👍 0All Replies (9)
I don't think Thunderbird is smart enough to read "no security" to mean "use the SMTP server server setting here." What would happen if you actually specified using STARTTLS on port 110?
Hmmmm. Missed that part didn't I?
I changed it to STARTTSL and I am now getting pop-ups again.
Yes, port 110 usually is not set up for any kind of security, so clearly they misspoke when saying that you would have security on port 110 based on your SMTP settings.
As long as you're experimenting, does SSL/TLS on port 995 work for incoming mail? If not, I guess you're stuck with port 110 and no security.
Modified by jscher2000 - Support Volunteer
You seem to be saying that my outgoing messages are being transmitted in clear text to the Avast server?? Surely not?
That's not what I'm saying. Thunderbird talks to Avast via TLS, but Avast is acting as a SSL/TLS Proxy, and is decrypting your communication. That's the whole point, at least from their perspective. Avast then establishes an encrypted connection to your provider's server on your behalf. In your case it doesn't really matter anyway since you do receive messages from your provider in the clear, including transmitting your password in the clear. As said before, find a new email provider with decent security.
I don't regard eMail as secure and I treat it accordingly.
That is basically true as long as you don't encrypt the actual messages. But I wouldn't want to risk my password being compromised by sending it in the clear every time I check for new mail or send mail. And I don't see any reason to disclose my email password to an anti-virus software vendor.
Modified by christ1
I don't quite understand how my password is sent un-encrypted if all my outgoing data is encrypted. Why would my ISP be sending my password to me?
I think when I choose and install an Anti-virus program, I put my whole life in their hands!!! They have access to everything on my network, the internals of my operating system and every keystroke I make. They can wreck my hardware, disable my Game Box, my TV, maybe even my Fridge! Not to mention they can steal me blind.
But the prospect of not having protection is even worse. So I HAVE TO TRUST AVAST!!! Don't I?
P.S. My ISP provides McAffee for free. I was selling McAfee in the early '90's when nobody had heard of it and it was the absolute best program available. It's FAR from that 20+ years later - might as well buy Norton!!
My ISP provides McAffee for free.
Search this forum for problems related to McAfee. You'll find plenty. McAfee will make matters worse. Simply follow the instructions given above. https://support.mozilla.org/en-US/questions/1093227#answer-804727
KenFF said
I don't quite understand how my password is sent un-encrypted if all my outgoing data is encrypted. Why would my ISP be sending my password to me?
Thunderbird has to send your username and password to the server to access your mail. The standard POP3 protocol on port 110 is not encrypted. If you are on a wireless network, they should usually be encryption between your computer and the wireless access point to prevent over-the-air sniffing, but from there to the mail server, it's plain text.
jscher2000 said
Thunderbird has to send your username and password to the server to access your mail.
Yeah but outgoing IS encrypted! It's just incoming POP3 that isn't.
And I haven't thought it thru', but I think sniffing incoming mail would be a bit random and far less productive than sniffing outgoing?
KenFF said
Yeah but outgoing IS encrypted! It's just incoming POP3 that isn't.
I see what you mean. The thing is, your ISP doesn't send mail automatically like a postal service, Thunderbird has to open a connection to the server and request new messages, and in that process, it sends your login information. Over an unencrypted connection.