User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:22.214.171.124) Gecko/20070309 Firefox/126.96.36.199 Build Identifier: 188.8.131.52 (20070221) To fetch mail, I have to enter my master password. Shouldn't I have to if I send mail too? Particularly if authentication is required to connect to the smtp server! No password is asked for. e.g. Hit a mailto link in a web page, or just send before retrieving. Off it goes. If I then retrieve mail - _then_ it asks for the master password. Reproducible: Always Steps to Reproduce: 1. 2. 3.
If you didn't need to enter the master password then the SMTP server did not ask for a password. Many ISPs seem to be set up this way for customers accessing the server from a company-run IP address (dial-up or broadband). They use a password for external IP addresses to allow traveling customers to send mail while preventing spam relaying.
You may be missing the point ... The (security) point of having a master password is so nobody can fetch your mail. By the same token, nobody should be allowed to send as you without having entered a password. The fact that someone can read your already fetched mail without the master password, well, serves you right for walking away without locking the computer. Which, although is an argument for not having a master password at all, if you need one to fetch mail, you should need one to send it too.
Er, no -- the point of the Master Password is to securely lock your saved passwords (and certificates, but that doesn't come into play here). If nothing asks for a password then Thunderbird doesn't need to ask for the Master Password to unlock it. Note that unsigned mail is completely insecure by design -- anyone anywhere can send mail claiming to be from you. You probably get virus/spam bounces rejecting mail you supposedly sent to someone else's mail account that proves that much. You can bug your ISP to password protect their SMTP server. You can add your voice to the people asking for password-protected local profiles, but that's a different bug.