email download in Thunderbird mail program version 78 affected by ESET Internet Security version 14 ?

[Aren 0]

Users of the latest version of Thunderbird mail program have reported problems in downloading their mail. Issues caused by ESET Internet Security version 14 has been identified as a common cause by many of these users. 

In the past 2 months I have three times had to reset the SLL/TLS protocol filtering in Advanced Set Up of my ESET antivirus program to enable my emails to download to Thunderbird. I am again experiencing this frustrating issue. This time the reset is not resolving the issue. 

On some Thunderbird forums, users are recommending to drop ESET altogether and move to other anti-virus software. ESET engineers should review the latest version of Thunderbird (ver 78.10) and ensure that ESET Internet Security is compatible with it !       

[Marcos 5,091]

Please carry on as follows:

1, Disable SSL filtering in the advanced setup.
2, In TB setup make sure that the ESET SSL Filter CA certificate doesn't appear in the Authorities tab:

3, With Thunderbird closed, re-enable SSL filtering.
4, Reboot the machine, just in case.
5, Check if the issue still occurs.

[itman 1,668]

I am using T-Bird ver. 78.10 with EIS ver. 14.0.22 on Win 10 20H2 and have encountered no issues for the IMAPS and POPS e-mail accounts I have set up. My only complaint is Eset e-mail SSL/TLS protocol scanning appears not to be scanning my AOL based IMAPS incoming traffic. Might be the reason why I am having no issues.🙄

[Aren 0]

Thanks Marcos. I did all that but unfortunately it did not solve my problem. After rebooting my PC and opening Thunderbird, I saw that it checked my mail server and told me that 132 email were waiting to be downloaded. But the "connection was reset" error message re-appeared, and no mail was downloaded. I checked that the ESET certificate had been re-installed (which it had) and took this screenshot just before that, so that you can see what that blocking message looks like (bottom right corner).

I don't even know what it means. What exactly is being "reset" ?

       

[Aren 0]

Hello ITMAN and Marcos,

I'm curious about the settings for itman's POP3 mail server and email account in Thunderbird. His set-up sounds similar to mine, except that I'm still using Windows 7 Professional. Maybe if I duplicate his mail settings, mine might start working again.... 

To deepen the mystery, my wife is having no problems at all with her mail downloads although her set-up is identical to mine, other than that she is using a POP3 mail server in Outlook 2013 rather than in Thunderbird. Here are our details:

 

We live in Fiji and are using the first mail domain to commence operation in Fiji when Internet first reached our shore: connect.com.fj This mail service is provided by Connect Fiji Limited, a subsidiary of Telecom Fiji Limited.

On the other hand, our Internet Service Provider is Vodafone Fiji Limited. In our small town Vodafone provide us with good high-speed wireless connectivity (via our Office router) whereas Telecom can only provide internet connectivity via copper cable. So we use Vodafone.

My wife and I both access the same email address via the same Office router (from Vodafone ISP). She and I both have similar Lenovo PC's, and both our PC's are operating Windows 7 Professional, Service Pack 1. Her version is 6.1.7601. My version is not displayed, but is probably the same. They are both 64-bit OS.

She is using MS Outlook 2013 (ver 15.0.5337.1000) (32-bit). Her Outlook is using POP3 Incoming Mail Server: pop3.connect.com.fj  via Port 110, and NO encrypted connections.

I'm using Thunderbird 78.10 (32-bit). I'm also using POP3 Incoming Mail Server: pop3.connect.com.fj  via Port 110, and with Connection Security Setting: NONE.

Both our computers share the same ESET (2-user) licence, and we are both using identical ESET Internet Security (ver 14.0.22.0).

Her mail settings and security settings all look pretty well identical to mine, except that her mail downloads smoothly, but my mail hasn't downloaded since April 20.  WHY ???

Maximum Frustration !

[Marcos 5,091]

Please carry on as follows:
- enable advanced network protection and protocol filtering logging in the adv. setup -> tools -> diagnostics
- launch Thunderbird and receive email to reproduce the issue
- disable advanced logging
- collect logs with ESET Log Collector and upload the generated archive here.

If you have a Gmail account, could you check if you can download email from Gmail via IMAP in TB?

[itman 1,668]

12 hours ago, Aren said:

I don't even know what it means. What exactly is being "reset" ?

Per Mozilla:

Quote

Reset implies the server explicitly dropped the connection.

http://forums.mozillazine.org/viewtopic.php?f=39&t=3055079

I will state this opinion. I don't believe the issue with your POP3 e-mail is Eset related. I will add some T-Bird related links at the end of this posting for reference. They all quote AV SSL/TLS protocol scanning by a couple AV vendors as a possible source.  Eset does not do the same for POP3 e-mail.

You posted this current issue started after the upgrade to the lasted T-Bird version. You also stated you are running Win 7. I therefore strongly suspect this is probably some network related issue/conflict with this new T-Bird ver. and Win 7.

The way to verify the above is to temporarily disable Eset POP3 e-mail scanning:

If this issue persists with Eset POP3 protocol scanning disabled, the issue is not caused by Eset. BTW - you should be using POP3S protocol for maximum e-mail secuirty so your e-mail cannot be read if intercepted en-route to you.

Additional refs.:

https://www.technipages.com/thunderbird-error-the-connection-to-server-was-reset

https://appuals.com/thunderbird-connection-was-reset-error/

 

Edited April 25, 2021 by itman

[Aren 0]

Thanks Marcos.  

I will attempt to collect the logs and load the archive as requested by Marcos. I have a Gmail account but I don't run that through TB. But I will see if I can figure out how to set that up, and then test mail download.   

Thanks for your guidance Itman.

I disabled POP3 scanning and the problem persisted. So it appears to be unrelated to ESET....(but see note below).

I sense that you may be right about the Win7 / TB upgrade conflict. The problem occurred the very next day after Thunderbird "Version 78.10.0 first offered to channel users on April 19, 2021".  

The connect.com.fj  mail-server technicians here in Fiji advised me today: "From Mailserver log we are seeing that ‘connection was reset by peer’ which would indicate that cause of reset was from email client."

But they said that TB is working fine for them, so they suspect that the problem lies with my PC.

On the other hand, further reading from your tech links mentioned this possibility: 

"If you’ve tried to log in a few times before and got denied, then your own server might have mistook you for a bad IP address.  This generally happens if you keep retrying the connection while troubleshooting, which is a rational response but it could look like an attack to the fail2ban subroutine."

I have certainly tried to connect MANY times in the past 6 days, so perhaps my mailserver is now banning me (!), before even recognising that I have changed settings...   So  I'm going to check that with our mail-server technicians here in Fiji.

 

   

[itman 1,668]

Do you have any T-Bird add-ons installed?

The problem may lie in one of those in regards to this new version. You can disable/uninstall those one by one testing each time if the connection reset issue is resolved. Then re-enable/install the add-ons that are not causing the issue.

[Aren 0]

I have NIL T-Bird add-ons.  Zilch. Never had any. I have always used very basic system, and it has worked well, until this latest version update.

[Marcos 5,091]

We've been waiting for logs requested above to find out what's going on. Please provide them when you have time.

[itman 1,668]

Here's something else to try.

As a test, add this IP address, 119.235.102.67 , which is the IP address for connect.com.fj to Eset Protocol Filtering's Excluded IP addresses per below screen shot. After adding and saving, verify the IP address was added.

Now attempt to access your e-mail via Thunderbird.

[Aren 0]

My apology Marcos. It's been a challenge and very time-consuming running our small business with our mail disabled.

I have collected the logs. I only activated T-Bird for a few minutes. But that Log Zip file is phenomenal !  71MB !!

Do you want me to upload that whole Zip file ? or just parts of it ?  I don't mind uploading it, if you don't mind.... 

[Aren 0]

Thanks for that test suggestion itman. And thanks for the support from you and Marcos. Much more than I am getting from the Thunderbird community. Seems there is an apathy or an unwillingness to accept that there is something wrong with the latest version of T-Bird. 

I tried your suggestion and placed the connect.com.fj IP address in the Excluded lIst and then activated T-Bird. It was hanging longer than usual, but then briefly flashed that there are 343 emails waiting to download before raising the same "connection reset" message and stopping dead. No emails came down.

Here's the latest screenshot. I also checked the IP Address of connect.com.fj using tracert, and saw that the connection route goes via our ISP Vodafone, through to Connect host TFL.  I've attached the image from command prompt in case it helps.

 

[Marcos 5,091]

You can either upload it here (only ESET staff can access uploaded files) or upload the archive to a safe location, e.g. OneDrive, DropBox, etc. and drop me a private message with a download link.

[Aren 0]

I've uploaded the log file Marcos. Let me know what you find.

For your interest I created a new email account in the same T-Bird program using our fijiland.com domain, which is hosted by Server101. It's a POP3 mail account, and there was no problem to get it running properly. It sends and receives mail without a hitch. 

But the connect.com.fj mail account remains blocked. It will not let me download my mail.

eis_logs.zip

[itman 1,668]

 

11 hours ago, Aren said:

I tried your suggestion and placed the connect.com.fj IP address in the Excluded lIst and then activated T-Bird. It was hanging longer than usual, but then briefly flashed that there are 343 emails waiting to download before raising the same "connection reset" message and stopping dead. No emails came down.

Also, add IP address, 202.137.178.55, to Eset Protocol Filtering's Excluded IP addresses and retest using Thunderbird.

Edited May 3, 2021 by itman

[itman 1,668]

3 hours ago, Aren said:

For your interest I created a new email account in the same T-Bird program using our fijiland.com domain, which is hosted by Server101. It's a POP3 mail account, and there was no problem to get it running properly. It sends and receives mail without a hitch. 

This also would be indicative that Eset is not the source of these connect.com.fj connection resets in Thunderbird. If Eset were the source, it would manifest with this new e-mail account.

FYI - I did a test for connect.com.fj using QUALS SSL Server web site. What was shown is this domain downloads an additional chain certificate. This activity is problematic to Eset SSL/TLS protocol scanning. 

Although a POP3 connection is being used for e-mail delivery, I believe initial HTTPS connections are being established with the domain to initiate the e-mail transfer. It is also possible that this connection is not being properly established/maintained resulting the connection reset. This is why I requested you to add the additional IP address posted above.

Edited May 3, 2021 by itman

[Marcos 5,091]

In this case SSL is not used at all, POP3 was used to download email and it looks like it was received ok and the connection was ended by the server (sent RST).

What happened:
The client connects to the server and authenticates (in an insecure way since it's POP3).
The client sends IDs of messages that should be deleted, the server responds with OK after each request.
The client sends a request to retrieve a specific email message.
The email message is downloaded.
After downloading the last data fragment the server abruptly terminates the connection by sending RST:

Normally it should wait for the client to send the QUIT command to which the server would respond with "OK bye" but this didn't happen.

That said, it looks like a problem on the server side. Just to make sure, you can try disabling POP3 scanning or protocol filtering completely. I expect the issue will persist.

[itman 1,668]

6 hours ago, Marcos said:

In this case SSL is not used at all, POP3 was used to download email and it looks like it was received ok and the connection was ended by the server (sent RST).

This is what I suspected initially and am agreement with the statement. The problem is the e-mail provider said the exact opposite. Per prior posting:

Quote

The connect.com.fj  mail-server technicians here in Fiji advised me today: "From Mailserver log we are seeing that ‘connection was reset by peer’ which would indicate that cause of reset was from email client."

But they said that TB is working fine for them, so they suspect that the problem lies with my PC.

 

[Marcos 5,091]

I would provide the ISP with a pcap log from Wireshark as a proof that the connection was terminated from the server side.

Anyway, I'd strongly recommend moving to POP3S/IMAPS since with POP3 it's easy for anyone to sniff the traffic and get your credentials to your email account.