Jump to content

SS & Thunderbird Security Exception Not Saved


Recommended Posts

  • Administrators

Marcos, I understand that I will get the warning regardless of ESET's presence.  The thing is, if I disable SSL scanning I only get the warning ONCE.  I select the "permanently store this exception" and I never see it again. That's with both Win 7 and Win 10.

 

Just to make sure, do you have problems with saving the configuration after disabling protocol filtering for Thunderbird as suggested by itman in post https://forum.eset.com/topic/10109-ss-thunderbird-security-exception-not-saved/?p=52263 ? Still, the best would be to contact ISP to get the certificate fixed so that it's considered trusted by the system and applications.
Link to comment
Share on other sites

I checked out a few things on the zipcon.net web site. For starters, it appears they don't official support TBird as an e-mail client.

 

Next, for non-commercial regular e-mail, they only support POP and SMTP protocols. I saw no mention of allowed used of the secured versions of these protocols.

 

For web hosting environments, note the following:

 

About Zipcon Web Hosting

 

Email Security


You may POP your email off the web server using an encrypted connection. Just point your incoming/POP3 server to the secure server used for your web site. Then turn on the MS Outlook Express setting under Tools / Accounts / (double click the account) / Advanced: This server requires a secure connection (SSL)

 

 If you don't know which secure server you are using, please email us and we will return the information.

 

 When using the secure server as your incoming POP3 mail server, please be sure you to use your domain name as part of the incoming mail server account name (also called POP username). For instance, if you used mary as the account name or POP username and your domain is abc.com, you would now use mary@abc.com as the account name or POP username.

 

Please do not use the secure (SSL) setting for your outgoing SMTP server. It will not work. Your outgoing SMTP server should be the mail server assigned to you by your ISP. If you are using Zipcon for your dial-up connection, it is mail.zipcon.net.

 

Using SSL is highly recommended if you are retrieving private information like credit card numbers and having them deposited into your local mailbox. Since the local mailbox is actually on the web server, the information never has to leave the server in an unencrypted format.

 

Ref.: hxxp://www.zipcon.net/domainemail.html

Edited by itman
Link to comment
Share on other sites

If I turn off SSL filtering in ESET I can save an exception.

 

Agreed that getting the ISP to fix the cert is the best option - but that's not possible.  I've already had that conversation with them.

 

My only hope at this point is to get ESET to fix the Windows 10 issue - or to turn off filtering.

 

thanks again,

Z.

Link to comment
Share on other sites

I checked out a few things on the zipcon.net web site. For starters, it appears they don't official support TBird as an e-mail client.

 

...

Ref.: hxxp://www.zipcon.net/domainemail.html

 

Dan hasn't changed his documentation in the 15+ years I've used Zipcon as my ISP.  Tbird has been fine all that time, and is today - apart from this ESET/Win 10 issue.

Link to comment
Share on other sites

As far as the constant re-adding of the Tbird cert. exception after boot, are you saving it correctly? It has to be added to the Servers tab and not the Root Authories tab  as noted in no. 5 below. However creating a Tbird cert exception results in e-mail being received unencrypted. Don't know if that is what you want.

 

Add security exception

 

Alternatively, you can add a security exception. Note that this means that communication between Thunderbird and the mail server is not encrypted, and messages can therefore be intercepted and read by third parties.

  1. At the top of the Thunderbird window, click the Tools menu (Alt + T) and select Options…OptionsIn the menu bar, click the Thunderbird menu and select PreferencesAt the top of the Thunderbird window, click the Edit menu and select Preferences, or click the Application menu button 2014-01-10-13-08-08-f52b8c.png and choose Options…OptionsPreferences.
  2. Click the Advanced panel, then click the Certificates tab.
  3. Click View Certificates, then click the Servers tab.
  4. Click Add Exception.
  5. Enter the server name and port as "https://[servername]:[port]"; for example https://pop.example.com:995 or https://smtp.example.com:465.

Ref.: https://support.mozilla.org/en-US/kb/add-security-exception

 



Edited by itman
Link to comment
Share on other sites

I believe I found a solution to this problem. It all depends on if Eset's SSL cert. exception processing handles e-mail certificates in the same manner as it does for HTTPS traffic.

 

Note the following. When you click on the "URL" button, a popup window will be displayed that is not shown in the below screen shot. Enter "zipcon.net" less the quote marks there. Then wait a bit for Eset to retrieve the the *.zipcon.net cert. as shown. Then set the action to "Ignore." Click OK, etc..

 

This should prevent Eset from scanning your e-mail traffic. You can verify that Eset is not scanning the e-mail traffic by opening up Eset's Protection Statistics -> E-mail. The count shown should be zero.

 

-EDIT- Also your post #18 shows webhosting.zipcon.net certs.. If such a SSL cert. exist, you will have to have the provider export the cert. and e-mail it to you as a file. Then you can add it to Eset's cert. exceptions using the "File" versus "URL" option. 

 

Also excluding the certs. in Eset will not do anything to eliminate the TBird exception your receiving as shown in your #19 posting. Zipcon.net will have to add tahomatech.com to the *.zipcon.net certificate for that to happen.

 

post-6784-0-21734500-1479490770_thumb.png  

Edited by itman
Link to comment
Share on other sites

FYI.

 

Appears the problems at zipcon.net go a lot further than just an issue with their certificate which actually is OK. I ran a test at QUALS for their server. Test rankings are A through F with A the best rating and F, failure, the worst score. The MITM failure is quite serious. Here's the link if you wish to test it yourself: https://www.ssllabs.com/ssltest/

 

post-6784-0-61896000-1479498940_thumb.png

Edited by itman
Link to comment
Share on other sites

  • 3 weeks later...

Very strange:  things started working as they should (could save an exception) on all my Win 10 machines.  That lasted about 10 days.  Now they are all back to losing the saved exception on a reboot.  Don't know if it was T-bird updates, ESET updates, Win 10 updates, or ???

All my Win 7 machines continue to work as they should.

I've seen the problem @ pop.att.yahoo.com as well as zipcon.  Never mind whether the certs are bad or good.  The problem is that I CAN'T SAVE AN EXCEPTION, even though I check the "save" box in the T-bird pop-up.

Still hoping for more help/suggestions/sympathy,

Z.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...