Closed Bug 1876992 Opened 8 months ago Closed 7 months ago

Incorrect autoconfiguration (no encryption) selected for maxq.uk

Categories

(Thunderbird :: Account Manager, defect)

Product:
Thunderbird
Component:
Account Manager
Version:
Thunderbird 115
Type:
defect

Tracking

(thunderbird_esr115 fixed, thunderbird124 wontfix)

Status:
RESOLVED FIXED
Milestone:
125 Branch
Tracking Flags:
Tracking Status
thunderbird_esr115 --- fixed
thunderbird124 --- wontfix

People

(Reporter: lzqhwo, Assigned: mkmelin)

References

Details

Attachments

(1 file)

Bug 1876992 - Support Encryption element for imap/pop3/smtp exchange autodiscovery. r=#thunderbird-reviewers
48 bytes, text/x-phabricator-request
wsmwk
: approval-comm-esr115+
Details | Review

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36

Steps to reproduce:

I added a newly created Ionos email account for a newly created domain name to Thunderbird.

Actual results:

The IMAP server configuration was successfully retrieved but encryption was disabled for both IMAP and SMTP.

DNS entries:

example.com. 3600 IN MX 10 mx01.ionos.co.uk.
example.com. 3600 IN MX 10 mx00.ionos.co.uk.
example.com. 3600 IN TXT "v=spf1 include:_spf-eu.ionos.com ~all"

_domainconnect.example.com. 3600 IN CNAME _domainconnect.ionos.com.

autodiscover.example.com. 3600 IN CNAME adsredir.ionos.info.

Expected results:

Encryption should be enabled for both IMAP and SMTP.

Also, the pop-up message said "Thunderbird found your account setup information on 1and1.info. Do you want to proceed and submit your credentials?".

1and1 is now called Ionos.

Tried setting up for foo@ionos.co.uk
It set me up with encryption (I assume) correctly.

Could you try setting up user@maxq.uk in Thunderbird ?

Right, that will set them to not use encryption.
But it's not through DNS. This is found through the Exchange autoconfiguration mechanism.

Component: Untriaged → Account Manager
Summary: Incorrect autoconfiguration information for Ionos → Incorrect autoconfiguration (no encryption) selected for maxq.uk

Does that mean any fix you apply will only apply to my mailbox, and not any other mailboxes hosted on Ionos?

We end up with

curl 'https://user%40maxq.uk@autodiscover.1and1.info/Autodiscover/Autodiscover.xml' --compressed -X POST -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: text/xml; charset=utf-8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0 Thunderbird/124.0a1' -H 'Connection: keep-alive' --data-raw $'<?xml version="1.0" encoding="utf-8"?>\n    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">\n      <Request>\n        <EMailAddress>user@maxq.uk</EMailAddress>\n        <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>\n      </Request>\n    </Autodiscover>'

The response looks like it wants ssl to be used, so not sure why that's not happening.

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover
  xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response
    xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName/>
      <AutoDiscoverSMTPAddress>user@maxq.uk</AutoDiscoverSMTPAddress>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>

      <Protocol>
        <Type>IMAP</Type>
        <LoginName>user@maxq.uk</LoginName>
        <Encryption>SSL</Encryption>
        <Port>993</Port>
        <Server>imap.ionos.co.uk</Server>
        <SPA>off</SPA>
        <TTL>0</TTL>
      </Protocol>

      <Protocol>
        <Type>POP</Type>
        <LoginName>user@maxq.uk</LoginName>
        <AuthRequired>on</AuthRequired>
        <Encryption>SSL</Encryption>
        <Port>995</Port>
        <Server>pop.ionos.co.uk</Server>
        <SPA>off</SPA>
        <TTL>0</TTL>
      </Protocol>

      <Protocol>
        <Type>SMTP</Type>
        <LoginName>user@maxq.uk</LoginName>
        <Encryption>Auto</Encryption>
        <Port>587</Port>
        <Server>smtp.ionos.co.uk</Server>
        <SPA>off</SPA>
        <UsePOPAuth>on</UsePOPAuth>
        <TTL>0</TTL>
      </Protocol>
      
    </Account>
  </Response>
</Autodiscover>
Status: UNCONFIRMED → NEW
Ever confirmed: true

I agree, it looks like an issue with the way Thunderbird interprets the response. My understanding is that all Ionos-hosted mailboxes being added to Thunderbird will have this suggestion of encryption disabled.

On a separate point, Autodiscover seems to be a useful protocol for spammers to discover which usernames have a mailbox on any given domain:

curl 'https://foo%40maxq.uk@autodiscover.1and1.info/Autodiscover/Autodiscover.xml' --compressed -X POST -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: text/xml; charset=utf-8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0 Thunderbird/124.0a1' -H 'Connection: keep-alive' --data-raw $'<?xml version="1.0" encoding="utf-8"?>\n    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">\n      <Request>\n        <EMailAddress>foo@maxq.uk</EMailAddress>\n        <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>\n      </Request>\n    </Autodiscover>'

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response>
<Error Time="13:25:07.0000597" Id="574778630411619">
<ErrorCode>500</ErrorCode>
<Message>Wrong password or email address cannot be found. The Autodiscover server cannot determine how to provide configuration information for the requested email address.</Message>
<DebugData />
</Error>
</Response>
</Autodiscover>

This element is apparently not supported after Outlook2016.

Test it using user@maxq.uk (no password)

Assignee: nobody → mkmelin+mozilla
Status: NEW → ASSIGNED

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/249fc283143d
Support Encryption element for imap/pop3/smtp exchange autodiscovery. r=leftmostcat

Status: ASSIGNED → RESOLVED
Closed: 7 months ago
Resolution: --- → FIXED
status-thunderbird124: --- → affected
status-thunderbird_esr115: --- → affected
Target Milestone: --- → 125 Branch

Comment on attachment 9377616 [details]
Bug 1876992 - Support Encryption element for imap/pop3/smtp exchange autodiscovery. r=#thunderbird-reviewers

[Approval Request Comment]
Regression caused by (bug #): never worked
User impact if declined: autoconfig may suggest unencrypted when encrypted was available
Testing completed (on c-c, etc.): c-c, beta
Risk to taking this patch (and alternatives if risky): very safe

Attachment #9377616 - Flags: approval-comm-esr115?

Comment on attachment 9377616 [details]
Bug 1876992 - Support Encryption element for imap/pop3/smtp exchange autodiscovery. r=#thunderbird-reviewers

[Triage Comment]
Approved for esr115

Attachment #9377616 - Flags: approval-comm-esr115? → approval-comm-esr115+
Duplicate of this bug: 1799635
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: