Closed Bug 931034 Opened 12 years ago Closed 11 years ago

Thunderbird 24.0 w/ STARTTLS with MAC OS X Server 10.6.8

Categories

(MailNews Core :: Security, defect)

Product:
MailNews Core
Component:
Security
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: FRusso, Unassigned)

References

(
URL
)

Details

(Keywords: regression, Whiteboard: [gs])

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0 (Beta/Release) Build ID: 20130910160258 Steps to reproduce: Thunderbird 24.0.0 or above OS Client: MAC 10.6.8 or above AND Windows XP or above (both are effected, same problem) Mail Server: MAC OS X Server 10.6.8 (Build 10K549), Mail server: Postfix 2.5.14. 1) Install clean of Thunderbird 24.0.1 on client computer 2) Create New Mail Account - (It set to STARTTLS on both IMAP and SMTP after checked with our mail server.) Reproduce? Yes. Actual results: It does not show Password window when start Thunderbird. Status line showed "Checking mail server capabilites" after clicked "Get Mail" and take time very long. When try to send message and get error message: Sending of message failed. The message could not be sent using SMTP server smtp.****.*** for an unknown reason. Please verify that your SMTP server settings are correct and try again, or contact your network administrator. Expected results: I would like report Thunberbird 17.0.8 or below on both MAC and Windows clients is working fine with our mail server without any problem. Thunderbird 24.0 is buggy on STARTTLS and SSL/TLS. But on Connection security set to "None" and it is working. I would use STARTTLS. there is smtp.log on both clients and server-side with STARTTLS mode: Client-side: 1882811584[100330240]: SMTP Connecting to: mail.****.*** 1882811584[100330240]: SMTP entering state: 0 1882811584[100330240]: SMTP Response: 220 ****.*** ESMTP Postfix 1882811584[100330240]: SMTP entering state: 14 1882811584[100330240]: SMTP Send: EHLO Fanwood-200.local 1882811584[100330240]: SMTP entering state: 0 1882811584[100330240]: SMTP Response: 250-****.*** 1882811584[100330240]: SMTP entering state: 0 1882811584[100330240]: SMTP Response: 250-PIPELINING 1882811584[100330240]: SMTP entering state: 0 1882811584[100330240]: SMTP Response: 250-SIZE 67108864 1882811584[100330240]: SMTP entering state: 0 1882811584[100330240]: SMTP Response: 250-VRFY 1882811584[100330240]: SMTP entering state: 0 1882811584[100330240]: SMTP Response: 250-ETRN 1882811584[100330240]: SMTP entering state: 0 1882811584[100330240]: SMTP Response: 250-STARTTLS 1882811584[100330240]: SMTP entering state: 0 1882811584[100330240]: SMTP Response: 250-ENHANCEDSTATUSCODES 1882811584[100330240]: SMTP entering state: 0 1882811584[100330240]: SMTP Response: 250-8BITMIME 1882811584[100330240]: SMTP entering state: 0 1882811584[100330240]: SMTP Response: 250 DSN 1882811584[100330240]: SMTP entering state: 4 1882811584[100330240]: SMTP entering state: 21 1882811584[100330240]: SMTP Send: STARTTLS 1882811584[100330240]: SMTP entering state: 0 1882811584[100330240]: SMTP Response: 220 2.0.0 Ready to start TLS 1882811584[100330240]: SMTP entering state: 19 1882811584[100330240]: SMTP entering state: 14 1882811584[100330240]: SMTP Send: EHLO Fanwood-200.local (it stopped after last line. Note: I changed domain name to hide. (****.***) server side: Oct 23 11:43:09 mail postfix/smtpd[58224]: connect from unknown[172.16.16.16] Oct 23 11:43:10 mail postfix/smtpd[58224]: lost connection after STARTTLS from unknown[172.16.16.16] Oct 23 11:43:10 mail postfix/smtpd[58224]: disconnect from unknown[172.16.16.16] I have to force to downgrade Thunderbird to 17.0 and it is working again. Also I disabled Auto-Update to avoid update it to 24.
OS: Windows 8.1 → Mac OS X
Hardware: x86_64 → x86
Hardware: x86 → x86_64
Similar report on GetSatisfaction, http://gsfn.us/t/4ak9i (also Postfix on an Apple server). I'm moving this to Networking: SMTP as a starting point, though it looks like something in the NSS code may be unexpectedly closing the connection for whatever reason.
URL: http://forums.mozillazine.org/viewtop...
Component: Untriaged → Networking: SMTP
Product: Thunderbird → MailNews Core
Whiteboard: [gs]
I found Bug 930878 that similar to this bug.
(Quoting Alastair Sherringham from bug 930878 comment #10) > I've done some manual tests and think I have the regression point. > [snip] > 2013-05-14-00-40-02-comm-aurora/ ----- BAD > 2013-05-13-00-40-21-comm-aurora/ ----- OK Can you check if the regression range is the same for your case, i.e., - make a backup copy of your profile > http://kb.mozillazine.org/Profile_folder_-_Thunderbird#Mac_OS_X - check if the following build *works* > https://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/2013/05/2013-05-13-03-06-17-comm-central/thunderbird-23.0a1.en-US.mac.dmg - check if the following build is *broken* > https://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/2013/05/2013-05-14-03-11-45-comm-central/thunderbird-24.0a1.en-US.mac.dmg - go back to 24.0.1 and restore you profile from the backup. That was the identified regression range for Linux in the other bug.
Ok, It took me longer to check each build. I think I located a build which STARTTLS are broken with MAC OS X Server 10.6.8 (Build 10K549) I found MAC, Windows 32-Bits and 64-Bits clients are effected as I tested them. I found Build 23 is beginning of STARTTLS bug. "Work" Build is Daily 23.0a1 (4/30/2013). Link: https://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/2013/04/2013-04-30-03-05-59-comm-central/ This build 23 - 4/30/2013 or before is working fine. I tested 17, 18, 19, 20, 21, and 22 are working fine. "Broken" Build is Daily 23.0a1 (5/1/2013). Link: https://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/2013/05/2013-05-01-03-06-08-comm-central/ This Build 23 - 5/1/2013 or after is broken and It do not working and failed STARTTLS. I tested 24, 25, 26, and 27 are broken. Is what you look for? I hope Devs can find this bug.
Keywords: regression
I would like to add note to this bug.I believed IMAP w/ STARTTLS also problem. I have two imap.logs, Work and Broken build as infomation above. "Work" Build is Daily 23.0a1 (4/30/2013) (or before it) imap.log: 11440[7d70000]: ImapThreadMainLoop entering [this=b632800] 0[1f09800]: b632800:mail.nysd.net:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN 11440[7d70000]: b632800:mail.nysd.net:NA:ProcessCurrentURL: entering 11440[7d70000]: b632800:mail.nysd.net:NA:ProcessCurrentURL:imap://frusso@mail.nysd.net:143/select%3E.INBOX: = currentUrl 11440[7d70000]: ReadNextLine [stream=cb67710 nb=21 needmore=0] 11440[7d70000]: b632800:mail.nysd.net:NA:CreateNewLineFromSocket: * OK Dovecot ready. 11440[7d70000]: b632800:mail.nysd.net:NA:SendData: 1 capability 11440[7d70000]: ReadNextLine [stream=cb67710 nb=213 needmore=0] 11440[7d70000]: b632800:mail.nysd.net:NA:CreateNewLineFromSocket: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ ID IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS LIST-EXTENDED I18NLEVEL=1 QUOTA STARTTLS AUTH=CRAM-MD5 AUTH=LOGIN AUTH=PLAIN 11440[7d70000]: ReadNextLine [stream=cb67710 nb=28 needmore=0] 11440[7d70000]: b632800:mail.nysd.net:NA:CreateNewLineFromSocket: 1 OK Capability completed. 11440[7d70000]: b632800:mail.nysd.net:NA:SendData: 2 STARTTLS 11440[7d70000]: ReadNextLine [stream=cb67710 nb=33 needmore=0] 11440[7d70000]: b632800:mail.nysd.net:NA:CreateNewLineFromSocket: 2 OK Begin TLS negotiation now. 11440[7d70000]: b632800:mail.nysd.net:NA:SendData: 3 capability 11440[7d70000]: ReadNextLine [stream=cb67710 nb=204 needmore=0] 11440[7d70000]: b632800:mail.nysd.net:NA:CreateNewLineFromSocket: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ ID IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS LIST-EXTENDED I18NLEVEL=1 QUOTA AUTH=CRAM-MD5 AUTH=LOGIN AUTH=PLAIN 11440[7d70000]: ReadNextLine [stream=cb67710 nb=28 needmore=0] 11440[7d70000]: b632800:mail.nysd.net:NA:CreateNewLineFromSocket: 3 OK Capability completed. 11440[7d70000]: try to log in 11440[7d70000]: IMAP auth: server caps 0x4E7627, pref 0x20000, failed 0x0, avail caps 0x20000 11440[7d70000]: (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000, LOGIN = 0x2, old-style IMAP login = 0x4)auth external IMAP login = 0x20000000 11440[7d70000]: trying auth method 0x20000 11440[7d70000]: got new password 11440[7d70000]: IMAP: trying auth method 0x20000 11440[7d70000]: MD5 auth 11440[7d70000]: b632800:mail.nysd.net:NA:SendData: 4 authenticate CRAM-MD5 11440[7d70000]: ReadNextLine [stream=cb67710 nb=64 needmore=0] 11440[7d70000]: b632800:mail.nysd.net:NA:CreateNewLineFromSocket: + PDAxMjE5NzgzNzQ3ODAyMTQuMTM4MzA3NTU2OUBtYWlsLm55c2QubmV0Pg== 11440[7d70000]: b632800:mail.nysd.net:NA:SendData: ZnJ1c3NvIDliMGY0M2U5NWFjYWY2MWI4NmNhNDg0ZDk0MGQ1Yjc3 11440[7d70000]: ReadNextLine [stream=cb67710 nb=17 needmore=0] 11440[7d70000]: b632800:mail.nysd.net:NA:CreateNewLineFromSocket: 4 OK Logged in. 11440[7d70000]: login succeeded And lot of lines after that. I removed them. Now for "Broken" Build is Daily 23.0a1 (5/1/2013) (and after it) imap.log: 6296[cc68400]: ImapThreadMainLoop entering [this=d7f3000] 0[2609800]: d7f3000:mail.nysd.net:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN 6296[cc68400]: d7f3000:mail.nysd.net:NA:ProcessCurrentURL: entering 6296[cc68400]: d7f3000:mail.nysd.net:NA:ProcessCurrentURL:imap://frusso@mail.nysd.net:143/select%3E.INBOX: = currentUrl 6296[cc68400]: ReadNextLine [stream=d657010 nb=21 needmore=0] 6296[cc68400]: d7f3000:mail.nysd.net:NA:CreateNewLineFromSocket: * OK Dovecot ready. 6296[cc68400]: d7f3000:mail.nysd.net:NA:SendData: 1 capability 6296[cc68400]: ReadNextLine [stream=d657010 nb=213 needmore=0] 6296[cc68400]: d7f3000:mail.nysd.net:NA:CreateNewLineFromSocket: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ ID IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS LIST-EXTENDED I18NLEVEL=1 QUOTA STARTTLS AUTH=CRAM-MD5 AUTH=LOGIN AUTH=PLAIN 6296[cc68400]: ReadNextLine [stream=d657010 nb=28 needmore=0] 6296[cc68400]: d7f3000:mail.nysd.net:NA:CreateNewLineFromSocket: 1 OK Capability completed. 6296[cc68400]: d7f3000:mail.nysd.net:NA:SendData: 2 STARTTLS 6296[cc68400]: ReadNextLine [stream=d657010 nb=33 needmore=0] 6296[cc68400]: d7f3000:mail.nysd.net:NA:CreateNewLineFromSocket: 2 OK Begin TLS negotiation now. 6296[cc68400]: d7f3000:mail.nysd.net:NA:SendData: 3 capability 6296[cc68400]: ReadNextLine [stream=d657010 nb=0 needmore=1] <---- this possible broken -----> 6296[cc68400]: d7f3000:mail.nysd.net:NA:CreateNewLineFromSocket: clearing IMAP_CONNECTION_IS_OPEN - rv = 805a1fa5 6296[cc68400]: d7f3000:mail.nysd.net:NA:TellThreadToDie: close socket connection 6296[cc68400]: d7f3000:mail.nysd.net:NA:CreateNewLineFromSocket: (null) 6296[cc68400]: try to log in 6296[cc68400]: IMAP auth: server caps 0x4E7627, pref 0x20000, failed 0x0, avail caps 0x20000 6296[cc68400]: (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000, LOGIN = 0x2, old-style IMAP login = 0x4)auth external IMAP login = 0x20000000 6296[cc68400]: trying auth method 0x20000 6296[cc68400]: login failed entirely 6296[cc68400]: d7f3000:mail.nysd.net:NA:ProcessCurrentURL: aborting queued urls 6296[cc68400]: ImapThreadMainLoop leaving [this=d7f3000] Ok It might help to track it down.
Component: Networking: SMTP → Security
Version: 24 → 22
Bug 933416 /may/ be another instance (with POP).
Severity: normal → major
A note that I encountered a situation with very similar symptoms, and a very similar SMTP protocol trace. I tracked down the problem to an out-of-date SSL certificate on the SMTP server.
Updated Importance to critical. Because of Thunderbird versions from 18 to 31 (include 24.4 that released to world.) is not have been solved with SSL/TLS problem with MAC xserver 10.6
Severity: major → critical
Version: 22 → 31
(In reply to FRusso from comment #0) > 2) Create New Mail Account - (It set to STARTTLS on both IMAP and SMTP after checked with our mail server.) Auto-Config may access non-SSL port first, and if server supports both "SSL/TLS in Tb" and "StartTLS in Tb", StartTLS may be set by auto-config. IIRC, majority of IMAP servers uses SSL/TLS insteead of StartTLS, although some SMTP servers uses "Message Submission Port + StartTLS" but some SMTP servers uses "SSL port + SSL/TLS". And, many servers supports both SSL/TLS and StartTLS. Does your provider actually request or recommend StartTLS use(StartTLS extention) instead of SSL port use?
(In reply to WADA from comment #10) I dont think so. Because my server use both SSL/TLS and StartTLS. I have tested both StartTLS and SSL/TLS mode in TB 17.0.6, I have no problem to access to server, in StartTLS or SSL/TLS. Right now, on TB 18 or above. (I did tested each versions, all way to 31.) I did tested and both StartTLS and SSL/TLS and failed to connect to server. No error message show up in TB. It take too long time. It do not ask for password. Note: on "Normal" mode (No SSL/TLS or StartTLS) , all version of TB, I able connected to server. It mean a bug within SSL package after TB 17.
(In reply to FRusso from comment #11) Thanks for clear description about "not StartTLS only problem".
Updated Note: With Build 34, All is working again as normal. Appeared someone have fixed it.
I checked Thunderbird 31.1.0 version that released to World. and I found thunderbird are working with our mail system as normal. Thank you. Ticket will be close.
Severity: critical → normal
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.