Closed Bug 930878 Opened 11 years ago Closed 9 years ago

IMAP with SSL/TLS,normal password fails to retrieve mail after v22.0

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Version:
26 Branch
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: sherringham, Unassigned)

Details

(Keywords: regression)

Attachments

(7 files)

IMAP connection debug log for 26.0a2
1003 bytes, text/x-log
Details
IMAP server (dovecot) log for failed 26.0a2 connection
209 bytes, text/plain
Details
IMAP OK connection log (debug) for v22.0
258.86 KB, text/plain
Details
IMAP OK connection log on dovecot server for v22.0
669 bytes, text/plain
Details
TB account setup details
40.62 KB, image/png
Details
22.0 certificate error dialog expected
45.53 KB, image/png
Details
TB 26.0a2 account setup errors displayed
47.02 KB, image/png
Details
Something has gone wrong with TB's IMAP mail for me. I have been using TB with IMAP for a long time but this has stopped working about a week ago - my suspicions obviously on the 24.0.1 update to 24.0. Connection does not seem to happen and no mail is downloaded. No password or certificate prompt. My setup (considering receiving only) : Domain sherringham.net IMAP server (dovecot), port 993 Using self-signed cert (for domain sherringham.org) TB 24.0.1 Linux x64 (Debian Testing) I could receive mail for sherringham.net fine until about a week ago. The break /seems/ to coincide with the 24.0 to 24.0.1 update but I am not 100% sure. IMAP - port 993 server : mail.sherringham.net security - SSL/TLS auth - normal password Now, any connect to the IMAP server fails (ignoring send for now) - and the server logs : 2013-10-24 07:43:04 imap-login: Info: Disconnected (no auth attempts): rip=62.3.225.196, lip=85.119.82.212, TLS: SSL_read() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown NOTE - "no auth attempts", no username etc. Trying a fresh TB install of 24.0 - I cannot complete the server setup at the start - it fails on the test. Error on server as above. TB does not seem to give any cert errors, or prompt for any cert exception or import etc. Tracing backwards and trying older (and newer) versions - each with a completely fresh install (empty ~/.thunderbird profile folder) : 1) 17.0b1 OK 2) 20.0b1 OK 3) 21.0b1 OK 4) 22.0b1 OK 5) 23.0b1 <-- FAIL 6) 26.0a2 <-- FAIL (plus have IMAP debug logs attached) IMAP debug logging in (6) as per https://wiki.mozilla.org/MailNews:Logging. For a normal working version (up to 22.0) I am prompted about an error in the cert : a) self-signed b) wrong domain (for sherringham.org not sherringham.net) I "confirm exception" and can read mail. The failing versions do not show this prompt at all. I attach some files that nay help. The logs of FAILING v26.0a2 - local client and from dovecot server : a) thunderbird-imap-26.0a2.en-US.linux-x86_64.log b) thunderbird-imap-26.0a2.en-US.linux-x86_64-dovecot.log Logs for an OK v22.0 : c) thunderbird-imap-22.0b1.log d) thunderbird-imap-22.0b1-dovecot.log The v26.0 error dialog I see : e) thunderbird-account-setup-26.0-error.png The account setup dialog : f) thunderbird-account-setup.png The certificate error dialog I get for v22.0 (but not 26.0) : g) thunderbird-imap-22.0b1-cert-dialog.png
from the nightly builds please find when it regressed
Flags: needinfo?(sherringham)
(In reply to Wayne Mery (:wsmwk) from comment #7) > from the nightly builds please find when it regressed Can I ask for some guidance before I waste lots of time doing the wrong thing please? Looking at all the folders here? https://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/2013/ Months 01 - 10. Folders contain "comm-aurora" and "comm-central". Lots of files called (e.g.) : 05/2013-05-20-00-40-04-comm-aurora/ thunderbird-23.0a2.en-US.linux-x86_64.tar.bz2 My break is between 22.0 and 23.0 - so I assume I'm looking for files like 23.0a1 23.0a2 etc. and there are multiple 23.0a2 archives in different folders/dates. Are all 23.0a2 archives the same code I assume? Only test 23.0a1, 23.0a2 etc.? Sorry - but there's a lot of folders and files. Thanks for your help.
OK - I have been using mozregression : http://mozilla.github.io/mozregression/ which seems like a great way to help/automate the testing. Running as : mozregression --app=thunderbird --good=XXX --bad=YYY Unfortunately I have not found any daily build that works so far. So I am digging a bit more to try and figure out what's going on and how to proceed. I will try and find a build that is "equivalent" to what I am using that works ("22.0") and check it works. Then look from there.
I've done some manual tests and think I have the regression point. From : https://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/2013/05/ 2013-05-14-00-40-02-comm-aurora/ ----- BAD 2013-05-13-00-40-21-comm-aurora/ ----- OK Using "thunderbird-XXXXX.en-US.linux-x86_64.tar.bz2". So the 2013-05-14 build is the first bad one for me. 2013-05-13 lets me set up the account and it prompts me to accept (and add exception for) the certificate. Versions after this never do this and fail as described above. Thanks for your attention.
Flags: needinfo?(sherringham)
(In reply to Alastair Sherringham from comment #10) > 2013-05-14-00-40-02-comm-aurora/ ----- BAD > 2013-05-13-00-40-21-comm-aurora/ ----- OK
Component: Untriaged → Security
Keywords: regression
Hi. Just posting to confirm that all of Alastair's information matches my experience exactly (server logs included). I can only add my slightly different nightly test results: 2013-05-13-03-06-17-comm-central/ ----- BAD 2013-05-13-00-40-21-comm-aurora/ ----- OK Everything including and after 23.0a1 is not working.
My Gmail is configured IMAP SSL/TLS normal password and that works. It's probably a problem with the self signed certificate, but I didn't see any changes on http://hg.mozilla.org/comm-central/pushloghtml?startdate=2013-05-13+00%3A40%3A21&enddate=2013-05-14+00%3A40%3A02 that can be related. I expanded the timeslot and also looked in mozilla-central
Bug 931034 that similar to this bug. I think "dovecot" mail server is only not working with thunderbird 22 or above? I used Apple Xserver, which use dovecot mail server.
(In reply to FRusso from comment #14) > Bug 931034 that similar to this bug. > > I think "dovecot" mail server is only not working with thunderbird 22 or > above? I used Apple Xserver, which use dovecot mail server. However, if comment 12 means the first bad build for this bug is 2013-05-13 then we don't have a match in bug 931034 comment 5 (2013-04-30 to 05-01)
still see this problem when usig version 31 or 38? (In reply to Onno Ekker [:nONoNonO UTC+1] from comment #13) > My Gmail is configured IMAP SSL/TLS normal password and that works. It's > probably a problem with the self signed certificate, but I didn't see any > changes on > http://hg.mozilla.org/comm-central/pushloghtml?startdate=2013-05- > 13+00%3A40%3A21&enddate=2013-05-14+00%3A40%3A02 that can be related. I > expanded the timeslot and also looked in mozilla-central nor in http://hg.mozilla.org/mozilla-central/pushloghtml?startdate=2013-05-13%2003:05:00&enddate=2013-05-14%2003:05:00
Flags: needinfo?(sherringham)
Flags: needinfo?(aragon)
FYI - I can no longer test this issue because I stopped running my own mail server. I still use Thunderbird, but now use Fastmail. Sorry.
Flags: needinfo?(sherringham)
Aragon, how about you?
Whiteboard: [closeme 2015-07-05]
Resolved per whiteboard
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Flags: needinfo?(aragon)
Resolution: --- → INCOMPLETE
Whiteboard: [closeme 2015-07-05]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: