Closed Bug 387421 Opened 17 years ago Closed 16 years ago

probe mail server abilities on account creation (auto-detect SSL/TLS)

Categories

(Thunderbird :: Account Manager, enhancement)

Product:
Thunderbird
Component:
Account Manager
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 422814

People

(Reporter: ch.ey, Unassigned)

References

Details

(Whiteboard: [sg:want]) 

Reviving what David wrote in bug 311657:

If you look at mail.app, it tries to figure out if it should connect on the SSL port, or use TLS, or not, when you go through new account setup. We want to do something like that at least. And the automatic detection of secure auth capabilities and success using secure auth [...]

I think I'd want to do it at account creation time, and probably set a flag on the url that says we're doing discovery, so we'd skip putting up error messages, and we'd remember if we connected via ssl or normal port, whether the server advertised secure auth, and/or TLS.


Question that arises from that (for me) is what influence shall the user have. Should the probing run in any case or only started by the user? Should the user be able to review the results and change in the account wizard? What if the machine running TB isn't online?

Technically probing for authentication mechanisms in POP3/IMAP should be fairly easy to implement like it was done for SMTP.
Probing for STARTTLS is easy too. SMTP-over-SSL could be more complex since we'll want to avoid long timeouts.
I guess testing should be done on ports 25, 587 and 465 587, stopping on first success.
Question is what a success is. Is noticing STARTTLS keywords in capabilities and getting ACK in response to SYN on port 465 enough for SMTP-over-SSL? Or is testing full connection preferable?
There is also bug 185631.
Uh, right. Slightly different since it's only about the connection type. On the other side I also thought about to make this bug a meta bug.
Summary: probing the server's abilities → probing the server's abilities on account creation
Summary: probing the server's abilities on account creation → probe mail server abilities on account creation (auto-detect SSL/TLS)
Whiteboard: [sg:want]
(In reply to comment #0)
> Should the probing run in any case or only started by the user? Should the user
> be able to review the results and change in the account wizard? What if the
> machine running TB isn't online?

See my remarks in bug 394487 comment #1 on coordinating this with bug 221030 and bug 80919 for extending the account wizard user interface by port-selection and SSL/TLS options. This would allow the user to specify known connection parameters or leave them as unknown (= to be determined when first needed) individually when setting up the POP or IMAP and SMTP servers.
Flags: blocking-thunderbird3?
Per bug 383841, also any secure authentication protocols should be included during this probing process (specifically in cases where the server does not support encryption).
Some variation of this bug seems key to improving the configuration experience for Tb3.  Approving as blocker, although some other bug may trump, at which point this bug will likely be a dupe.

(Note that re: comment #0, that the order of port probing is important with plaintext ports probed after the secure ones).
Flags: blocking-thunderbird3? → blocking-thunderbird3+
I'm interested in exploring this, or at least doing the protocol side work and getting some help on the changes to the account wizard. Would we also want to include things like imap vs. pop3 detection, which would really involve changes to the account wizard, since I think that's the first question we ask. 
This should probably be merged (or duped) into bug 422814
right, duping to where some of the work is going on.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.