Thunderbird doesn't download messages from gmail
Hi,
The problem appeared more than 1 week ago. Symptoms:
- Thunderbird doesn't download messages from gmail IMAP
Secondary symptoms:
- If I delete the OAUTH credentials from the store, it doesn't re-require OAUTH login on IMAP sync; it does so on SMTP
- Having OAUTH fixed, intermitently does or doesn't seem to access other IMAP functions: I use the "Subscribe" function for instance; at the time I write this mail it does show me the folder list; 2 days ago it didn't even do that, when clicking "Subscribe" it would show a progress bar for some 30 seconds then fail silently
- SMTP DOES work, but ever so slow (I think it takes minutes to connect and send an email)
- There seems to be a coincidence in time with problems of Firefox with TLS (eg. not connecting or very delayed connection to Youtube)
Does work:
- Other imap accounts (eg. Zoho)
Tried fixes:
- Enabled "Allow less secure apps" in Gmail
- Tried "Repair Folder" on a couple of folders, I'm staring now at a blank screen as it won't re-download
- Tried disabling indexer (had a JS console error in indexer)
- Tried disabling all plugins
- Tried clearing OAUTH token and reauthenticate
Configuration:
- 2 Gmail accounts set up with SSL/TLS and OAuth2
- Set "Allow less secure apps" in Gmail
- Thunderbird access does show up granted in Gmail Account Settings (requested by smtp, see above)
Suspicions:
- I think it might be related to TLS problems
Modified by dddinu
Chosen solution
You are quite welcome. Not sure how that will help with your certificate issues. but whatever you want to do is fine with me.,
Read this answer in context 👍 0All Replies (10)
That actually sounds like it could well be an anti virus issue. Tried without yours?
The problem seems to have gone away on its own as of this morning.
Thanks Matt, I hadn't tried without antivirus, but now it seems it works with or without it so I can't confirm it had something to do with.
To reiterate, the problem was showing only on Mozilla software (Thunderbird and Firefox), only in relation to Google TLS enabled sites (Gmail, Google fonts over https, Youtube etc), Firefox (that is more verbose) either got stuck on TLS handshake, was resetting connections, or just got stuck downloading,
I did check when the problem was showing in Firefox the CA paths to exclude a man-in-the-middle problem (either antivirus or other eavesdroppers), but it seemed all legit, so I'm pretty confident it was not a proxy problem. I don't know how to do that in Thunderbird, how do I check certs?
Modified by dddinu
in Thunderbird, how do I check certs?
You'd only need to do that when getting an exception prompt, i.e. something went wrong. There's a 'View' button in the exception prompt window to inspect the cert.
Set "Allow less secure apps" in Gmail
With OAuth2 enabled for both, Gmail IMAP, and Gmail SMTP server, you do not need to "Allow less secure apps" for your Google account.
christ1 said
You'd only need to do that when getting an exception prompt
Or when you are concerned about privacy/security. SSL is not a just a technical solution to warrant writing more beautiful code you know :) As far as I know on Windows any rotten app can install a root CA without prompting you anything.
You can easily check the built-in root CA certs via the certificate manager, if that is what you want to do.
At the top right of the Thunderbird window, click the menu button 
> Options > Advanced > Certificates > Manage Certificates - Authorities
Modified by christ1
It's not"easily", it's quite the opposite, to check the whole bunch of certs for reputation and checksum, I bet you nobody did that ever since Thunderbird 1.0. What is useful in a security context is being able to check the certificate associated with the one connection I'm interested in, and in some legal context, being able to download that certificate for further analysis (such as proving a scam).
dddinu said
It's not"easily", it's quite the opposite, to check the whole bunch of certs for reputation and checksum, I bet you nobody did that ever since Thunderbird 1.0. What is useful in a security context is being able to check the certificate associated with the one connection I'm interested in, and in some legal context, being able to download that certificate for further analysis (such as proving a scam).
Actually I think you best have a look at bugzilla and at the stuff that goes on before you talk about what does and does not get checked. Firefox and Thunderbird share a certificate manager and have common root certificates and other built in certificates.
No Matt, you have a complete misrepresentation of the problem. Thunderbird does include in the cert store all the root CAs on my computer. christ1 was suggesting I check every one of those, which "can be done easily". It's not about what the Mozilla people check, it's what I would need to check, and that is every root CA on my computer, which I don't think anyone ever did. Ever. Except agent 007 from CIA. The fact that Mozilla has a secondary CA store built-in makes little difference to the discussion.
I don't know if you are aware, but in all civilised countries e-mail communication has legal binding power by default, which makes it THE most privacy and secutiry-sensitive form of online communication, completely different and much more sensitive than WWW.
Therefore I think not including an easy way to check for the connection SSL cert is a huge mistake and utter disregard for security, IMO. And not just IMO, I see a pile of questions on this matter all brushed off with answers like "you don't need to see the cert unless something's broken" or "you could just go and sift through 200 root CAs on your computer, including those hardcoded by Mozilla", or the likes.
Thanks for the help with the problem, I am very disappointed with your attitude otherwise, even so much that I jolted on my TODO list for tomorrow "Check for Thunderbird alternative".
Chosen Solution
You are quite welcome. Not sure how that will help with your certificate issues. but whatever you want to do is fine with me.,
I'm sure it is :)