Thunderbird has a potential Safty Risk with login.live.com and refuse to load it
Hello Community,
I try to add a live.de mail account to Thunderbird 115.12.2.
I used these setting: IMAP Server outlook.office365.com with SSL on Port 993 and OAuth2 SMTP Server smtp.office365.com with STARTTLC on Port 587 and OAuth2
The TEST button is successfull and if I proceed it fail with the authen login page login.live.com because of security concern.
When I copy the link to the Edge Browser it works but the Thunderbird does not know about this. I can even find on the Microsoft Account that the Thunderbird is authorized to have access but mail account in TB is not created.
How can overcome this security issue? Maybe I can add a trustworth page in the Settings?
Regards Hubert
所有回复 (1)
Stop your antivirus product from intercepting Thunderbird's attempt to connect to the internet and replacing the valid encryption certificate used by Microsoft with their self signed one that they use to undertake their man-in-the-middle hack of your encrypted communications they call scanning. Thunderbird does not automatically trust certificates that are not issued from the chain of trust that backs the Internet's encrypted communications. It is up to the user to make their own informed decision if they trust the company. Given how many of them are based in Eastern Europe, the US and some other governments are suggesting a number of the companies can not really be trusted.
Edge does not have an isolated certificate store that can not be easily manipulated from another program, so it trusts the self signed certificate in the Microsoft store inserted by the antivirus product.
Thunderbird maintains it's own non programmable store. So you must manually choose to reduce your security if you wish to have this scanning active by adding the self signed certificate to the store. Most antivirus vendors using self signed certificates have instructions on their web site. Personally I use defender and have no such issues.