Problems with thunderbird and IMAPS

[MaartenW 0]

I am having the same problem using Thunderbird 78.5.0 and EST Internet Security. It happens after sunday 15.00, detected monday morning.

Disabling SSL/TLS:

(Dutch:) Instellingen | Computerbeveiliging | Host Intrusion Prevention System |(Settings)| WEB EN E_MAIL

immediately allows receiving mail from 'private' suppliers as well as Gmail. No reboot was necessary.

It would be nice to be informed when this bug (ESET or Thunderbird?) is solved, so the security can be set back again.

Edited December 1, 2020 by MaartenW
specification start problems

[Kathryn 0]

Many thanks to Kveri! I reversed steps 3 and 4 and now it works:

1. Disable SSL filtering
2. Close Thunderbird
3. Launch Thunderbird
4. Re-enable SSL filtering.

[Marcos 5,074]

3 minutes ago, MaartenW said:

I am having the same problem using Thunderbird 78.5.0 and EST Internet Security. It happens after sunday 15.00, detected monday morning.

Didn't these instructions resolve the issue for you?

https://support.eset.com/en/kb7728

[Kathryn 0]

5 minutes ago, Kathryn said:

Many thanks to Kveri! I reversed steps 3 and 4 and now it works:

1. Disable SSL filtering
2. Close Thunderbird
3. Launch Thunderbird
4. Re-enable SSL filtering.

I've just tried to send some more emails with ssl filtering enabled and it again doesn't work. The emails are sent (I receive them on my android devices), but not saved in TB in the sent folder and I can't receive them using TB.

[itman 1,659]

To add to what @Marcoshas previously posted, I have encountered past incidences in Thunderbird where multiple Eset certificates existed in Thunderbird's Authorities certificate store. What I advise if this situation exists is the following.

First open Eset GUI and navigate to  SSL/TLS settings. Under the Root Certificate section, select View certificate. Note particulars about the Eset certificate such as Valid From Date, etc.. Next, return to Thunderbird's Authorities certificate store and delete all Eset certificates other than the current Eset certificate noted previously.

My speculation is when Thunderbird has multiple like root certificates installed, it will use the first one it encounters which in this case might not be the correct certificate.

[Kathryn 0]

Thank you itman. I'm not a very experienced user and I'm using a German version of the program, so I hope I've understood your instructions correctly. In Eset I see only one root certificate, valid starting 30 November 2020. In Thunderbird's Authorities certificate store I can also see only one certificate, which is valid until 6 June 2028, but with a start date of 9 June 2018. This would be the only one I can see to delete, and I'm not sure what would happen then, so I'm afraid to try it.

[itman 1,659]

30 minutes ago, Kathryn said:

Thank you itman. I'm not a very experienced user and I'm using a German version of the program, so I hope I've understood your instructions correctly. In Eset I see only one root certificate, valid starting 30 November 2020. In Thunderbird's Authorities certificate store I can also see only one certificate, which is valid until 6 June 2028, but with a start date of 9 June 2018. This would be the only one I can see to delete, and I'm not sure what would happen then, so I'm afraid to try it.

Very glad you posted this detail.

On my Win 10 Eset installation, my current Eset installation root certificate has a valid from date of 4/13/2020. This same certificate is the one installed in Thunderbird.

I also recently received the new Eset Internet protection module - ver. 1416.

In other words, no recent Eset root certificate updating has occurred.

I have no issues as far as Thunderbird goes.

Therefore, I draw the following conclusions:

1. There is a possible issue with this new certificate Eset recently issued.

2. It is possible that Thunderbird is now deferring to the Windows root CA certificate store even though the corresponding use of enterprise root certificates option is not enabled as is the case  currently in FireFox.

Edited December 1, 2020 by itman

[itman 1,659]

@Kathryn in your case, here's what I recommend:

1. Delete existing Eset certificate in Thunderbird Authorities certificate store.

2. Important! Close Thunderbird app.

3. Follow this procedure: https://support.eset.com/en/kb7728-unable-to-access-or-receive-emails-in-thunderbird-with-eset-product-installed which should repopulate Eset's current certificate into Thunderbird.

4. Open Thunderbird. Access Thunderbird Authorities certificate store and verify that the Eset certificate exists and its the one with a valid date from Nov. 30.

At this point, you should no longer have issues with Thunderbird.

Edited December 1, 2020 by itman

[Kathryn 0]

Many thanks for your precise instructions! I have followed them on both of my desktop computers and now everything works fine. The current eset certficate is also now visible in the Thunderbird Authorites certificate store. :)

[westslope 0]

3 hours ago, itman said:

@Kathryn in your case, here's what I recommend:

... see above ...

itman, your instructions worked!  Tusin tuck!  10^3 thanks!  

[itman 1,659]

Since what I posted has worked for at least two individuals with this problem, I will state what the Eset problem is.

First on select Eset installations, a new Eset root certificate was created as a result of this new network protection module update. Why this happened only on some devices, Eset needs to investigate. What I did observe on the day of the network module update was that an Eset module update was attempted on my device upon first system startup that day. This was odd to me since I have never observed an Eset module update running at boot time. At this time I checked my Eset Event log, but no recent module update was recorded there. Err ....... what? What I theorize is the network module was updated but the rest of the updating crapped out. Hence, no Thunderbird Eset root certificate update for lucky me!

The Thunderbird Eset root certificate issue.

Eset stores on each device a private key that is used by Eset root certificate. When Thunderbird tried to use the non-current Eset root certificate in its Authorities store, the private key needed was no longer available but it instead tried to use the private key associated with the Eset certificate that was recently updated and currently resident in the Window root CA certificate store.

Edited December 1, 2020 by itman

[itman 1,659]

@Marcosthere's a relatively simple solution to prevent this Thunderbird Eset certificate update issue from re-occuuring.

If Eset can't access Thunderbird because its currently in use, it suspends the update processing. It then generates an Eset alert instructing the user to terminate Thunderbird processing so the certificate update can proceed. Once Thunderbird is shutdown, then Eset resumes the certificate update processing. Once update processing completes, Eset generates another alert indicating it's OK to re-open Thunderbird.

Edited December 1, 2020 by itman

[RalphB 0]

14 hours ago, Kathryn said:

Many thanks to Kveri! I reversed steps 3 and 4 and now it works:

1. Disable SSL filtering
2. Close Thunderbird
3. Launch Thunderbird
4. Re-enable SSL filtering.

Thank you so much Kathryn. This worked for me. Spent most of the day on the phone with my ISP and checking Thunderbird settings, all with no luck. Then I stumbled upon this thread. 

[dleb 0]

The solutions mentioned above didn't work out for me.

I was able to solve it by deleting the password of the problematic imap email account stored in the Thunderbird Password Manager. My guess is that some files used by the password manager are corrupted.

Before you try to disable SSL etc. in Eset Security try to reset the password of the email account first, it is stored in the Password Manager of Thunderbird under Options > Privacy and Security > Saved Passwords.

Delete the password for the problematic imap email account. Overwriting the username and / or password will not work.

Then

1. check for new messages on the server and enter the password when prompted (*).
2. send a test email to the problematic imap email account (send a message to yourself) (*)

(*) Optional: enable the checkbox to store the password in the Password Manager

 

[EmkayPS 0]

On 12/1/2020 at 7:08 AM, Marcos said:

Didn't these instructions resolve the issue for you?

https://support.eset.com/en/kb7728

They did solve the problem, but it took several hours (that I'll never get back) of troubleshooting before I could point to NOD32 as the cause of the problem. I'm really disappointed that ESET made this change and pushed it out without testing.

A couple of weeks ago, NOD32 claimed an email message had the "HTML/Fraud.EK trojan." The message was plain text--no HTML content whatsoever! I reported it as a false positive, but ESET hasn't bothered to acknowledge this.

What is going on at ESET? We are losing productivity. From now on, should I assume that any issues with my email are due to NOD32, not to servers and networking?

[Marcos 5,074]

9 minutes ago, EmkayPS said:

They did solve the problem, but it took several hours (that I'll never get back) of troubleshooting before I could point to NOD32 as the cause of the problem. I'm really disappointed that ESET made this change and pushed it out without testing.

We didn't make any change that would have caused this issue. Please read my explanation with preliminary findings at https://forum.eset.com/topic/26517-problems-with-thunderbird-and-imaps/?tab=comments#comment-125459. Investigation is ongoing.

 

Quote

A couple of weeks ago, NOD32 claimed an email message had the "HTML/Fraud.EK trojan." The message was plain text--no HTML content whatsoever! I reported it as a false positive, but ESET hasn't bothered to acknowledge this.

The HTML/Fraud.EK detection is correct. It's a detection of scam email similar to this one:

[nkcoll 0]

Morning all, Apologies first off, I am not techy and so I'm not understanding all the posts ref NOD32 etc, but currently the only way I can receive my work related GMails is by switching off Protocol Filtering and SSL. As you can see from the screenshot, it is still switched off now. As soon as I enable it again, I stop receiving my emails.

Please can someone let me know (in layman terms!) what I can do now? Or is it a matter of me having to keep these settings disabled long term - which seems like madness!

 

[Marcos 5,074]

9 minutes ago, nkcoll said:

Morning all, Apologies first off, I am not techy and so I'm not understanding all the posts ref NOD32 etc, but currently the only way I can receive my work related GMails is by switching off Protocol Filtering and SSL. As you can see from the screenshot, it is still switched off now. As soon as I enable it again, I stop receiving my emails.

Please can someone let me know (in layman terms!) what I can do now? Or is it a matter of me having to keep these settings disabled long term - which seems like madness!

 

This solution didn't work you? https://support.eset.com/en/kb7728

Note that SSL filtering must be re-enabled when Thunderbird is not running. We recommend to re-enable immediately after Windows starts.

[nkcoll 0]

Hi Marcos - Thank you for replying. Yes, I've tried this a couple of times, including shutting down completely and then enabling the setting just after the re-start and before Thundirbird is open. I send a test email and while it is enabled, it doesn't come through and as soon as I have disabled Protocol Filtering, its comes through. 

 

Edited December 3, 2020 by nkcoll

[Marcos 5,074]

17 minutes ago, nkcoll said:

Hi Marcos - Thank you for replying. Yes, I've tried this a couple of times, including shutting down completely and then enabling the setting just after the re-start and before Thundirbird is open. I send a test email and while it is enabled, it doesn't come through and as soon as I have disabled Protocol Filtering, its comes through.

If you disable SSL filtering, is the ESET SSL Filter CA certificate removed from the Authorities panel? And is it added after you re-enable SSL filtering?

[Marjo 0]

I have the same problem connecting Thunderbird to Gmail, fortunately Mozilla support advised me to disable SSL in NOD32 security, so it is temporarely fixed.
Hope to get an update from ESET soon

[nkcoll 0]

43 minutes ago, Marcos said:

If you disable SSL filtering, is the ESET SSL Filter CA certificate removed from the Authorities panel? And is it added after you re-enable SSL filtering?

Hi Marcos - please can you tell me where I find the Certificate Manager section?

[Marcos 5,074]

 

1 hour ago, nkcoll said:

Hi Marcos - please can you tell me where I find the Certificate Manager section?

 

 

[Marcos 5,074]

1 hour ago, Marjo said:

I have the same problem connecting Thunderbird to Gmail, fortunately Mozilla support advised me to disable SSL in NOD32 security, so it is temporarely fixed.
Hope to get an update from ESET soon

SSL filtering should not stay disabled, otherwise received email will not be scanned for threats.

Turning off SSL filtering and then turning it on would re-import the root certificate and resolve the issue.

[nkcoll 0]

8 hours ago, Marcos said:

SSL filtering should not stay disabled, otherwise received email will not be scanned for threats.

Turning off SSL filtering and then turning it on would re-import the root certificate and resolve the issue.

Hi Marcos, I have now checked my certificates, and with SSL disabled, the ESET SSL Filter CA is still present. Do I need to delete it?

Edited December 3, 2020 by nkcoll