Administrators Marcos 5,294 Posted November 18, 2016 Administrators Share Posted November 18, 2016 Marcos, I understand that I will get the warning regardless of ESET's presence. The thing is, if I disable SSL scanning I only get the warning ONCE. I select the "permanently store this exception" and I never see it again. That's with both Win 7 and Win 10. Just to make sure, do you have problems with saving the configuration after disabling protocol filtering for Thunderbird as suggested by itman in post https://forum.eset.com/topic/10109-ss-thunderbird-security-exception-not-saved/?p=52263 ? Still, the best would be to contact ISP to get the certificate fixed so that it's considered trusted by the system and applications. Link to comment Share on other sites More sharing options...
itman 1,758 Posted November 18, 2016 Share Posted November 18, 2016 (edited) I checked out a few things on the zipcon.net web site. For starters, it appears they don't official support TBird as an e-mail client. Next, for non-commercial regular e-mail, they only support POP and SMTP protocols. I saw no mention of allowed used of the secured versions of these protocols. For web hosting environments, note the following: About Zipcon Web Hosting Email Security You may POP your email off the web server using an encrypted connection. Just point your incoming/POP3 server to the secure server used for your web site. Then turn on the MS Outlook Express setting under Tools / Accounts / (double click the account) / Advanced: This server requires a secure connection (SSL) If you don't know which secure server you are using, please email us and we will return the information. When using the secure server as your incoming POP3 mail server, please be sure you to use your domain name as part of the incoming mail server account name (also called POP username). For instance, if you used mary as the account name or POP username and your domain is abc.com, you would now use mary@abc.com as the account name or POP username. Please do not use the secure (SSL) setting for your outgoing SMTP server. It will not work. Your outgoing SMTP server should be the mail server assigned to you by your ISP. If you are using Zipcon for your dial-up connection, it is mail.zipcon.net. Using SSL is highly recommended if you are retrieving private information like credit card numbers and having them deposited into your local mailbox. Since the local mailbox is actually on the web server, the information never has to leave the server in an unencrypted format. Ref.: hxxp://www.zipcon.net/domainemail.html Edited November 18, 2016 by itman Link to comment Share on other sites More sharing options...
zoltanthegypsy 1 Posted November 18, 2016 Author Share Posted November 18, 2016 If I turn off SSL filtering in ESET I can save an exception. Agreed that getting the ISP to fix the cert is the best option - but that's not possible. I've already had that conversation with them. My only hope at this point is to get ESET to fix the Windows 10 issue - or to turn off filtering. thanks again, Z. Link to comment Share on other sites More sharing options...
zoltanthegypsy 1 Posted November 18, 2016 Author Share Posted November 18, 2016 I checked out a few things on the zipcon.net web site. For starters, it appears they don't official support TBird as an e-mail client. ...Ref.: hxxp://www.zipcon.net/domainemail.html Dan hasn't changed his documentation in the 15+ years I've used Zipcon as my ISP. Tbird has been fine all that time, and is today - apart from this ESET/Win 10 issue. Link to comment Share on other sites More sharing options...
itman 1,758 Posted November 18, 2016 Share Posted November 18, 2016 (edited) As far as the constant re-adding of the Tbird cert. exception after boot, are you saving it correctly? It has to be added to the Servers tab and not the Root Authories tab as noted in no. 5 below. However creating a Tbird cert exception results in e-mail being received unencrypted. Don't know if that is what you want. Add security exception Alternatively, you can add a security exception. Note that this means that communication between Thunderbird and the mail server is not encrypted, and messages can therefore be intercepted and read by third parties. At the top of the Thunderbird window, click the Tools menu (Alt + T) and select Options…OptionsIn the menu bar, click the Thunderbird menu and select PreferencesAt the top of the Thunderbird window, click the Edit menu and select Preferences, or click the Application menu button and choose Options…OptionsPreferences. Click the Advanced panel, then click the Certificates tab. Click View Certificates, then click the Servers tab. Click Add Exception. Enter the server name and port as "https://[servername]:[port]"; for example https://pop.example.com:995 or https://smtp.example.com:465. Ref.: https://support.mozilla.org/en-US/kb/add-security-exception Edited November 18, 2016 by itman Link to comment Share on other sites More sharing options...
itman 1,758 Posted November 18, 2016 Share Posted November 18, 2016 (edited) I believe I found a solution to this problem. It all depends on if Eset's SSL cert. exception processing handles e-mail certificates in the same manner as it does for HTTPS traffic. Note the following. When you click on the "URL" button, a popup window will be displayed that is not shown in the below screen shot. Enter "zipcon.net" less the quote marks there. Then wait a bit for Eset to retrieve the the *.zipcon.net cert. as shown. Then set the action to "Ignore." Click OK, etc.. This should prevent Eset from scanning your e-mail traffic. You can verify that Eset is not scanning the e-mail traffic by opening up Eset's Protection Statistics -> E-mail. The count shown should be zero. -EDIT- Also your post #18 shows webhosting.zipcon.net certs.. If such a SSL cert. exist, you will have to have the provider export the cert. and e-mail it to you as a file. Then you can add it to Eset's cert. exceptions using the "File" versus "URL" option. Also excluding the certs. in Eset will not do anything to eliminate the TBird exception your receiving as shown in your #19 posting. Zipcon.net will have to add tahomatech.com to the *.zipcon.net certificate for that to happen. Edited November 19, 2016 by itman Link to comment Share on other sites More sharing options...
itman 1,758 Posted November 18, 2016 Share Posted November 18, 2016 (edited) FYI. Appears the problems at zipcon.net go a lot further than just an issue with their certificate which actually is OK. I ran a test at QUALS for their server. Test rankings are A through F with A the best rating and F, failure, the worst score. The MITM failure is quite serious. Here's the link if you wish to test it yourself: https://www.ssllabs.com/ssltest/ Edited November 18, 2016 by itman Link to comment Share on other sites More sharing options...
zoltanthegypsy 1 Posted December 6, 2016 Author Share Posted December 6, 2016 Very strange: things started working as they should (could save an exception) on all my Win 10 machines. That lasted about 10 days. Now they are all back to losing the saved exception on a reboot. Don't know if it was T-bird updates, ESET updates, Win 10 updates, or ???All my Win 7 machines continue to work as they should.I've seen the problem @ pop.att.yahoo.com as well as zipcon. Never mind whether the certs are bad or good. The problem is that I CAN'T SAVE AN EXCEPTION, even though I check the "save" box in the T-bird pop-up.Still hoping for more help/suggestions/sympathy,Z. Link to comment Share on other sites More sharing options...
Recommended Posts