Thunderbird ceased to successfully fetch mail from Dovecot IMAP server with self-signed certs



3 years ago
2 years ago


(Reporter: mike, Unassigned)


45 Branch





3 years ago
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0
Build ID: 20160503092831

Steps to reproduce:

Server info:

# dpkg -l | egrep 'postfix|dovecot|sasauthd|spamassassin|opendkim'
ii  dovecot-core                          1:2.1.7-7+deb7u1                    amd64        secure mail server that supports mbox, maildir, dbox and mdbox mailboxes
ii  dovecot-imapd                         1:2.1.7-7+deb7u1                    amd64        secure IMAP server that supports mbox, maildir, dbox and mdbox mailboxes
ii  libopendkim7                          2.6.8-4                             amd64        Library for signing and verifying DomainKeys Identified Mail signatures
ii  opendkim                              2.6.8-4                             amd64        Milter implementation of DomainKeys Identified Mail
ii  opendkim-tools                        2.6.8-4                             amd64        Set of command line tools for OpenDKIM
ii  postfix                               2.9.6-2                             amd64        High-performance mail transport agent
ii  spamassassin                          3.3.2-5+deb7u3                      all          Perl-based spam filter using text analysis

Client info:

$ uname -a
Linux fedora 4.4.9-300.fc23.x86_64 #1 SMP Wed May 4 23:56:27 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
$ sudo dnf info thunderbird
Last metadata expiration check: 0:39:43 ago on Mon May 16 20:58:02 2016.
Installed Packages
Name        : thunderbird
Arch        : x86_64
Epoch       : 0
Version     : 45.0
Release     : 4.fc23
Size        : 127 M
Repo        : @System
From repo   : updates
Summary     : Mozilla Thunderbird mail/newsgroup client
URL         :
License     : MPLv1.1 or GPLv2+ or LGPLv2+
Description : Mozilla Thunderbird is a standalone mail and newsgroup client.

- In Thunderbird, choose Edit > Account Settings > Account Actions > Add Mail Account...
- Enter name, email, password

Actual results:

- Thunderbird accurately detects SMTP server settings
- Thunderbird fails to detect IMAP settings
- Upon filling in appropriate IMAP settings and clicking Re-test, "Probing server" is displayed for a long time.
- Dovecot repeatedly logs messages on the server like "dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48, session=<4H7KvAAzgABHDk4U>"
- If I click "Done" instead of "Re-test", I get an endless number of "Confirm Security Exception" pop-ups for the self-signed certificate.

Expected results:

- Thunderbird should have connected to the IMAP server and successfully logged in. Other clients like Gnome Evolution and iOS mail are able to successfully send & receive messages using the same settings. Thunderbird was also able to successfully send & receive up until recently. I'm not sure if a regular update brought about the issue, but nothing else changed on the server or client that I can think of.

Comment 1

2 years ago
Follow-up: After hours of troubleshooting, I was able to resolve this issue by appending the text of the CA cert to Dovecot's certificate file. I had installed the CA certificate into Thunderbird's list of trusted CAs, so I'm not entirely sure why the server needed to explicitly provide it as well, but regardless, it's fixed.
Last Resolved: 2 years ago
Resolution: --- → INVALID
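
The fix in Comment 1 changes the contents of Dovecot's certificate file: the server certificate, followed by the CA certificate. As an added example (not from the bug report or from Dovecot), this standard-library Python script reports that shape for a PEM file by comparing raw issuer and subject names; it verifies no signatures, and the certificates embedded in it are constructed stand-ins with hypothetical names.

```python
import base64, re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (value_start, value_end) of the DER element starting at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def issuer_and_subject(der):
    """Raw DER of the issuer and subject Names of one X.509 certificate."""
    pos, _ = read_tlv(der, 0)      # enter the Certificate SEQUENCE
    pos, _ = read_tlv(der, pos)    # enter the tbsCertificate SEQUENCE
    if der[pos] == 0xA0:           # skip the optional [0] version field
        pos = read_tlv(der, pos)[1]
    raw = []
    for _ in range(5):             # serialNumber, signature, issuer, validity, subject
        end = read_tlv(der, pos)[1]
        raw.append(der[pos:end])
        pos = end
    return raw[2], raw[4]

def check_bundle(pem):
    """Describe the certificates found in a PEM file, in file order."""
    names = [issuer_and_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem)]
    return {
        "count": len(names),
        # every certificate is issued by the one that follows it in the file
        "ordered": all(a[0] == b[1] for a, b in zip(names, names[1:])),
        # the last certificate names itself as issuer
        "ends_self_issued": bool(names) and names[-1][0] == names[-1][1],
    }

# Constructed stand-ins: only the fields parsed above are present, nothing is signed.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length is enough here

def stand_in_cert(issuer_cn, subject_cn):
    def name(cn):
        return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
              + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(tlv(0x30, tbs))
            + b"\n-----END CERTIFICATE-----\n")

SERVER = stand_in_cert("Example Test CA", "mail.example.test")
CA = stand_in_cert("Example Test CA", "Example Test CA")
print(check_bundle(SERVER), check_bundle(SERVER + CA))  # server cert alone, then with CA appended
```

To check a real file, pass its bytes to `check_bundle`; the long-form length handling in `read_tlv` covers certificates of normal size.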