All Products Community Forum

Add Security Exception? I can't send any outgoing email messages. I now get a warning alert after hitting Send entitled "Add Security Exception". It says further, "You are about to override how Thunderbird identifies this site." And, "Legitimate banks, stores and other public sites will not ask you to do this." My email provider is Earthlink and the alert identifies the server location as, "smtpauth.earthlink.net:587" and says, "This site attempts to identify itself with invalid information. Unknown Identity. The certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure signature."

That only available options are, "Confirm Security Exception" and "Cancel". Selection of either option brings up the same next alert, "Send Message Error", "Sending of the message failed. Peer's Certificate issuer isn't recognized. The configuration related to smtpauth.earthlink.net must be corrected."

I didn't intentionally change any settings or receive any notification from Earthlink to that effect, so I don't know why any of these protocols would have changed. I can view the smtpauth.earthlink.net certificate but I don't know how to copy it or attach it for diagnostic purposes. Can anyone provide insight regarding what is going on here and how to resolve it? Any solutions will be greatest appreciated.

Hello to all,

I wanted to use DoH (dnsforge.de) under “maximum protection”, but with one exception: I would like Ecosia.org to be able to place ads for me, because I am convinced of Ecosia and want to support this project. Tested this with Cloudflare as well, setting up an exception here does not work either.

Now the exception set in Firefox has no effect. It should not be due to the DNS provider, because Ecosia.org is not blocked and has even been whitelisted.

What is the expected behavior of the “maximum protection” setting?

Kind regards

I used Chrome until two days ago. I just got tired with how shitty the browser was, how bloated it made my computer, and how much Google treats everyone like a data product. However, I use hella google systems from Voice to Chrome to Drive to more and it all worked great together. Choosing to change to Firefox wasn't an easy decision but I knew it was a good one

Which makes it super irritating that some of the functionality is already facing problems. I have shortcuts I built to make it easier to study or do random things so I don't get distracted or tired. One shortcut is clicking a key that should launch UWorld in my default browser & use Lastpass to autologin (I couldn't get it to launch the service but that was a separate issue).

I check if autologin was on for the password on LastPass I've allowed all permissions to the LastPass extension I clear my cookies on UWorld & turned off enhanced tracking protection for the UWorld login portal site

What should I do to fix my one button shortcut again?

I really don't want to go randomly turning off every protection that Firefox gives me to figure it out so I'd appreciate someone who understands the browser better helping me out. Also, bonus points if you can help me build a single shortcut button on my Mac that can launch UWorld & navigate me straight to the question bank. (I do think the issue with autologin on LastPass is going to become more of an issue as I start opening up more websites I used to use on Chrome so I'd rather nip it in the bud before I see the problem occur more often)

Certificate errors have been an ongoing, several-times-a-day frustration for me and other users, with different ISPs, since approximately June 25. Is anyone working on this bug? Because it clearly is a bug: Not only I but several other users have reported that Thunderbird worked fine until that date, then stopped working fine. What changed, and can it be put back the way it was, or can we receive some explicit instructions on how to fix it for ourselves? It's making Thunderbird borderline unusable. Every time I try to send a message, I have to confirm a security exception, then send it again. Several times a day, when I try to fetch messages, I have to confirm security exceptions. The confirmations never seem to stick. This is some BS.

With the latest updates, the client no longer accepts the self-signed smtp certificate as exceptions. The server is old and there is no way to upgrade to a newer one. It is also not possible to connect a third-party certification authority

I am able to receive emails on Thunderbird but I am not able to send emails to anybody from Thunderbird. That happens on two computers I have. I am able to send emails from Outlook. Therefore, it is not my email provider's (BluePeak) problem. When I try to send an email from Thunderbird, I receive the following error message: “Sending the message failed. SSL received a record with an incorrect Message Authorization Code. The configuration related to must be corrected.”

Please help me resolve this issue. Thank you very much!

Здравствуйте, мы пользуемся программой Kaspersky Security Center, у нас возникла проблема. После изменения политики, постоянно меняется самоподписные сертификаты почты (Thunderbird) и каждый раз приходится подтверждать их заново. Просьба оказать помощь в решение данной проблемы.

________________________________________________________________ Hello, we are using the Kaspersky Security Center program, and we have a problem. After changing the policy, the self-signed mail certificates (Thunderbird) are constantly changing, and we have to re-verify them every time. Please help us resolve this issue.

After I did the 128.5.2esr update, none of my email accounts can get email with SSL/TLS on. It won't even try the server with SSL/TLS on. If I turn it off, then it can get mail. When I try to change to STARTTLS it will just hang showing checking server capabilities. Some accounts are imap and some POP3

Running Windows 10, version 22H2 updated 12/10/2024 OS Builds 19044.5247 and 19045.5247

Gmail works fine. I've tried the just about all of the things I have found online, but no luck.

Any suggestions? In the past I rolled back to a working version and that fixed it, but it hasn't worked this time. Would removing all of the certificates fix it? Didn't want to take that chance until I threw it out out here!

Thank you!

I have an email account with multiple identities (aliases), some of which I would like to add under the same OpenPGP key that I'm using for the main identity. I couldn't find any option in the OpenPGP Key Manager in Thunderbird which would allow me to add identities to the key. How should I go about doing this?

i can not receive mails, since the update to 128.5.2ESR not on imap.strato.com not on imap.gmail.com not on mail.yourhosting.com

just since today after the update. sending emails seems to work.

I did NOT change anything in the accounts.

How to solve????

Thank you.

I can't send mail via smtp.comcast.net. I can connect to IMAP and get mail, and I can send from my iphone and (new) Outlook. Running TB v142.0 (64 bit) on Windows 11. Issue is reproducible on second system. When I try to send mail, client tries for 1 minute, then times out with "Sending of the message failed. The message could not be sent because the connection to Outgoing server (SMTP) smtp.comcast.net timed out. Try again."

TB log says: 14:17:11.775 1756750631775 addons.xpi WARN Checking C:\Program Files\Mozilla Thunderbird\distribution\extensions for addons 14:19:37.714 mailnews.smtp: New client instance SmtpClient.sys.mjs:121:17 14:19:37.716 mailnews.smtp: Connecting to smtp://smtp.comcast.net:587 SmtpClient.sys.mjs:141:19 14:19:37.799 mailnews.smtp: Connected SmtpClient.sys.mjs:429:17 14:20:39.211 mailnews.smtp: NetworkError: a Network error occurred SmtpClient.sys.mjs:476:17

   _onError resource:///modules/SmtpClient.sys.mjs:476

14:20:39.212 mailnews.smtp: Socket closed. SmtpClient.sys.mjs:550:17 14:20:39.214 mailnews.smtp: SecurityError info: PR_END_OF_FILE_ERROR SmtpClient.sys.mjs:491:21 14:20:39.245 mailnews.send: Sending failed; The message could not be sent because the connection to Outgoing server (SMTP) smtp.comcast.net timed out. Try again., exitCode=2152398868, originalMsgURI=imap-message://mgiul%40comcast.net@imap.comcast.net/Drafts#57692 MessageSend.sys.mjs:343:32

smtp.comcast.net is using a self-signed cert. Is this the problem? C:\Users\rchar>openssl s_client -starttls smtp -connect smtp.comcast.net:587 Connecting to 96.103.145.180 CONNECTED(000001F8) depth=3 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services verify error:num=19:self-signed certificate in certificate chain verify return:1 depth=3 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services verify return:1 depth=2 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority verify return:1 depth=1 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA verify return:1 depth=0 C=US, ST=Pennsylvania, O=Comcast Corporation, CN=smtp.comcast.net verify return:1 --- Certificate chain

0 s:C=US, ST=Pennsylvania, O=Comcast Corporation, CN=smtp.comcast.net
  i:C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA
  a:PKEY: RSA, 2048 (bit); sigalg: sha256WithRSAEncryption
  v:NotBefore: Jan  6 00:00:00 2025 GMT; NotAfter: Jan  6 23:59:59 2026 GMT
1 s:C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA
  i:C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
  a:PKEY: RSA, 2048 (bit); sigalg: sha384WithRSAEncryption
  v:NotBefore: Feb 12 00:00:00 2014 GMT; NotAfter: Feb 11 23:59:59 2029 GMT
2 s:C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
  i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
  a:PKEY: RSA, 4096 (bit); sigalg: sha384WithRSAEncryption
  v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
3 s:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
  i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
  a:PKEY: RSA, 2048 (bit); sigalg: sha1WithRSAEncryption
  v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT

--- Server certificate

MIIHATCCBemgAwIBAgIRAJUASDPOQisnR1zo9CfhXcYwDQYJKoZIhvcNAQELBQAw gZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYD VQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBT ZXJ2ZXIgQ0EwHhcNMjUwMTA2MDAwMDAwWhcNMjYwMTA2MjM1OTU5WjBdMQswCQYD VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRwwGgYDVQQKExNDb21jYXN0 IENvcnBvcmF0aW9uMRkwFwYDVQQDExBzbXRwLmNvbWNhc3QubmV0MIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLkgKQUqw4MylCObwwzTyFkIoMN/NRNl 6EY0zS+sjlYMFPplSULdfqs1tEcWZhCs+u1EkJN9+/juCtzeZ9c73yx8nTph0/KZ 5ri9t55yu5xhtuDv2WsMJmqcTOHPXRSZt7abpsvNfxCb6IG2YdPrBNqPyZPEJ6jn h3CY3qBbsreL4iR+UEGunSJAg2mRXHhx0/aYN3CTUetOcSBzIwoFXPklptWCcm5V knK+BWqFtKlyt6nHW/o2qK74nLDgKNUgxR9pG/Bw48ZER1emGsNlN2RVyOBtoAAG 15x4vD2iFBVEe9A0q9HOJc9bGSNb6zuU4ZpCb+RpNq3kkqJCpS6aJwIDAQABo4ID gDCCA3wwHwYDVR0jBBgwFoAUmvMr2s+tT7YvuypISCoStxtCwSQwHQYDVR0OBBYE FHz0nGUjqJ0rg0OQFz/hLkJ581OVMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBBMDUG DCsGAQQBsjEBAgEDBDAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29t L0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5jb21v ZG9jYS5jb20vQ09NT0RPUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNl cnZlckNBLmNybDCBiwYIKwYBBQUHAQEEfzB9MFUGCCsGAQUFBzAChklodHRwOi8v Y3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9u U2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v ZG9jYS5jb20wggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2AJaXZL9VWJet90OH aDcIQnfp8DrV9qTzNm5GpD8PyqnGAAABlDwZ58gAAAQDAEcwRQIhAOgI6NbRS4t6 9XvPVbmFixPHyFJXDqU60dv5r+RB9Y9YAiAwlfQhXe45ccND3T5te2KryuxvRhzW aBO3oIS6ixw6DAB3ABmG1Mcoqm/+ugNveCpNAZGqzi1yMQ+uzl1wQS0lTMfUAAAB lDwZ56oAAAQDAEgwRgIhAKmynGx19jBgk4Xy/eChCKjR/vpOtCH16470/jJyY6Yy AiEAkwlRN7Cn1AN20CGjNowsJ2PBaqNOk/u297W/RttgBKMAdwDLOPcViXyEoURf W8Hd+8lu8ppZzUcKaQWFsMsUwxRY5wAAAZQ8GefaAAAEAwBIMEYCIQDyR2Zz3Spd 0Gul6Z2dJa15aUEiEaW7KEAtbCcqz/zoLwIhAIV8YxWeI8rVaAvdl9kWquejUOTx M2G4iYjeZINb1VMgMEMGA1UdEQQ8MDqCEHNtdHAuY29tY2FzdC5uZXSCEHNtdHAu eGZpbml0eS5jb22CFHd3dy5zbXRwLmNvbWNhc3QubmV0MA0GCSqGSIb3DQEBCwUA A4IBAQBgn3Z51e8DZ/bO/AFqc22A4e5EqfUx4y6itcaz3mnQcU9pAsA/LK/WeY+e PtHIkWNKFlysJSbU2ByJ/6+bnebalXgRZ3sAeB2Z7UIUIHEjhcEQE2s4CxAXBiI7 SgqWjrw/Qj+AOghhMwayhIjmnNk34MmyY4f9KsAC6fIEn9ypCxuaN4lrwZcmS8iK o6PRho6pd837BEaRNIZBQpI/8WKxoKsNOu8bw8FwX/Zn8q+1oPo+0sQkmSmWOruu l8tlq8boA5R6YSBWek8hxmEZppvBs55wfNCnr2DQ4CgAREJZMKt6PIiKlgQ9r58b OSb5otnW7xsrx3SKM2zlvRA5mhfL

subject=C=US, ST=Pennsylvania, O=Comcast Corporation, CN=smtp.comcast.net issuer=C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: rsa_pss_rsae_sha256 Peer Temp Key: X25519, 253 bits --- SSL handshake has read 6708 bytes and written 1662 bytes Verification error: self-signed certificate in certificate chain --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 19 (self-signed certificate in certificate chain) --- 250 OK --- Post-Handshake New Session Ticket arrived: SSL-Session:

   Protocol  : TLSv1.3
   Cipher    : TLS_AES_256_GCM_SHA384
   Session-ID: 27FBCE0D025BF752A9F038657257E923F1E5560B92BB78A47C5C9E0FFFDBEF7B
   Session-ID-ctx:
   Resumption PSK: FAFF92690FBEDF157D2856329FDABB033F2A0948C5A0F668E4B69C197EC6E52B8DE8A676EA4A78EAEEED7E90C4935DEC
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   TLS session ticket lifetime hint: 300 (seconds)
   TLS session ticket:
   0000 - 97 cc 16 34 49 69 e3 c2-8f 6b ab cb e0 53 cb c1   ...4Ii...k...S..
   0010 - e0 31 10 bf c8 94 c5 d1-59 2b 3e 84 f7 63 44 be   .1......Y+>..cD.
   0020 - 3e d6 69 b0 d4 10 7a 1a-4f 6a da 21 91 6b 34 f2   >.i...z.Oj.!.k4.
   0030 - 1c 2c df cc 5f ee b5 ce-4c 71 49 b0 28 d6 7b 92   .,.._...LqI.(.{.
   0040 - 9e 6a dd bb 93 ca 9e 44-80 1f df ec f7 e4 95 04   .j.....D........
   0050 - 7c c1 6b 1d 86 59 7c 18-7d 98 41 0d 04 a1 f1 ae   |.k..Y|.}.A.....
   0060 - 7b 6d 68 ad 68 a6 b2 32-95 71 d3 89 09 ea 28 7c   {mh.h..2.q....(|
   0070 - ee 8f 67 1e ab e6 09 d7-5d c6 67 0d 0e 63 7b 24   ..g.....].g..c{$
   0080 - 87 cc fb eb 8f a8 c6 67-60 d2 70 e6 58 93 06 d0   .......g`.p.X...
   0090 - 1f ef 95 15 53 92 95 19-85 76 91 26 7c a1 9e 96   ....S....v.&|...
   00a0 - 12 9d bd b2 a9 38 45 05-a5 28 14 65 4c ac c0 6d   .....8E..(.eL..m
   00b0 - c6 65 e7 b8 4b ff 0c dd-58 82 c9 c5 de 8d 64 ab   .e..K...X.....d.
   00c0 - f4 59 c5 5c bc bd c2 e9-34 2a d7 a7 99 21 97 60   .Y.\....4*...!.`

   Start Time: 1756752732
   Timeout   : 7200 (sec)
   Verify return code: 19 (self-signed certificate in certificate chain)
   Extended master secret: no
   Max Early Data: 0

--- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session:

   Protocol  : TLSv1.3
   Cipher    : TLS_AES_256_GCM_SHA384
   Session-ID: 13DA31F60D1C9A3207FFEA54D2CEC29BB0D44016068E3E79A18492F695B02E80
   Session-ID-ctx:
   Resumption PSK: 44D18B4AEB19CDEBA968E3BD867C3B0167C07C61DC3091072882660FC234D4B3B071B663546C5B4AC3E53A6A5C206A9B
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   TLS session ticket lifetime hint: 300 (seconds)
   TLS session ticket:
   0000 - 97 cc 16 34 49 69 e3 c2-8f 6b ab cb e0 53 cb c1   ...4Ii...k...S..
   0010 - 09 52 42 f9 c9 f7 bc 99-5a b5 73 e3 9b b8 1c 91   .RB.....Z.s.....
   0020 - 16 f5 ea 33 20 29 e1 59-79 65 46 0a 4b ad b7 fe   ...3 ).YyeF.K...
   0030 - b4 aa b7 7b f8 57 36 10-71 09 19 c6 d2 64 c4 8a   ...{.W6.q....d..
   0040 - 47 f6 28 4b 62 9e be ca-d9 16 1a e7 df 7d 51 f7   G.(Kb........}Q.
   0050 - f6 66 04 fe 37 cf 0c bb-4f d8 d3 1b d6 06 be d0   .f..7...O.......
   0060 - 21 ee 9e 65 ac a3 18 80-31 b7 17 5b 23 d2 9d 4e   !..e....1..[#..N
   0070 - 57 f7 b0 66 01 5f cc c5-a1 a5 96 ee d2 d8 55 ed   W..f._........U.
   0080 - 5b 91 86 da 91 d5 3d 17-36 bd a5 97 58 ab fb ad   [.....=.6...X...
   0090 - eb eb 38 5e fd e3 7a 13-b9 f8 5c 14 f5 80 3a 72   ..8^..z...\...:r
   00a0 - 52 66 d9 23 8c a3 50 5c-3c e5 fc cb 22 21 11 3f   Rf.#..P\<..."!.?
   00b0 - a6 71 87 67 8b 33 8e b0-0a 65 46 f6 df 7a f0 f3   .q.g.3...eF..z..
   00c0 - 04 4e cf 22 ad 4d 45 69-53 9c 45 56 df 07 ae e3   .N.".MEiS.EV....

   Start Time: 1756752732
   Timeout   : 7200 (sec)
   Verify return code: 19 (self-signed certificate in certificate chain)
   Extended master secret: no
   Max Early Data: 0

--- read R BLOCK closed

C:\Users\rchar>

I have Thunderbird 128.5.2esr and my email SMIME certificates are not assigned correctly when I send them to GMX. What can I do, are there bugs? 1) Select Cert Screencopy of SELECTION 2) err msg: Err-MSG at sending

Over a month ago I began experiencing an error message when attempting to send emails from my gmail account using Thunderbird (TB). Error msg reads: Sending of the message failed. An error occurred while sending mail. The mail server responded: Must issue a STARTLS command first. For more information go to: https://support.google.com/a/answer/3221692 and review RFC 3207 specifications. 00721157ae682-765bb916a90sm38332507b3.4-gsmtp. Please verify that your email address is correct in your account settings and try again.***While I have looked at all of this, I can't really find a solution I know how to implement.***

I can send emails using Google webmail and when I do, the emails show up in my TB Sent items folder. I'm totally stumped and considering moving to Outlook. But TB has been perfect for me for years and I want to stay with it. Any help will be much appreciated!

Hello,

I am moving over to Thunderbird from outlook. I have about 8 emails with two domains. First email works okay. The second one on the same domain has turned red on the left panel and thunderbird keeps poppoing up the certificate for mail.xxx.com is not valid for the server. The other works I added the exception when setting it up. The mail server is another domain used from my cpanel hosting provider. So it does not match the domain of the emails.

I can't seem to find a way around this to get it to work. Also I under account settings it looks correct. I am thinking this error message is the incoming mail server? I don't see under account setting anything for incoming mail server which on my hosting is the same for incoming and outgoing. Appreciate any help.

Thank you!

Hello,

I just did a full windows defender scan and it turns out Trojan:Script/Wacatac.H!ml popped up when it was done and it said the files affected were:

containerfile: C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\.default-release\cache2\entries\InsertHashHere

file: C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\.default-release\cache2\entries\InsertHashHere->(GZip)

I removed the hashes or whatever they were behind the entries, I was wondering if this was a false positive? I didn't notice any slowed down or hacked accounts, also windows defender quarantined it. I've also reinstalled Firefox and deleted all folders associated with Mozilla in AppData.

I have several iterations of installing SMIME on my email account. I know the pf12 file is valid and it works on all my Android systems. However, when I try to send a digitally signed email on Thunderbird under Ubuntu, I get the message that either the SMIME certificate cannot be found or it has expired even though I went through the correct process to install it (and it shows up on the End to End Encryption settings) and when I display it, it indicates an expiry date of 2027. I have also tried to bundle it with the intermediate certificate but I still get the same error. I even tried to create my own personal SMIME certificate and use it (using SSL) and it had the same issue. Anyone have any suggestions?

This is the error I get: "Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired."

Do I need to put the SMIME certificate in a specific folder in order for it to be "re-found"