After October 10 update, Thunderbird does not retrieve / download mail for non standard settings for vikingsword.com account
I have the same issue and behavior reported in question 1468895 following update 128.3.1esr.
When I "get new mail," another account processes and my main one does nothing with no status message display. It used to be that when "nothing" happened, I would try again and be asked to confirm a security exception and then it worked again.
A tablet pc I use for travel with the same update continues to download mail for this account, though more hesitatingly than it did.
The error console shows: NotFoundError: No such JSProcessActor 'BrowserToolboxDevToolsProcess' pop3.server1.4: SecurityError: a SecurityCertificate error occurred Pop3Client.sys.mjs:380:18 pop3.server1.4: SecurityError info: SSL_ERROR_BAD_CERT_DOMAIN Pop3Client.sys.mjs:422:20 pop3.server1.4: SecurityError cert chain: securepop.siteprotect.com; serial# 20:C8:AF:E0:B1:95:42:48:9C:C8:21:21:4A:87:89:B8 <- Avast Web/Mail Shield Root; serial# 4D:D7:A4:81:AF:9D:DF:4D:8F:45:D8:21:07:23:2D:0A Pop3Client.sys.mjs:427:22 tb.account.size_on_disk - Truncating float/double number. 2
I turned off the antivirus email feature and then it read: NotFoundError: No such JSProcessActor 'BrowserToolboxDevToolsProcess' pop3.server1.4: SecurityError: a SecurityCertificate error occurred Pop3Client.sys.mjs:380:18 pop3.server1.4: SecurityError info: SSL_ERROR_BAD_CERT_DOMAIN Pop3Client.sys.mjs:422:20 pop3.server1.4: SecurityError cert chain: securepop.siteprotect.com; serial# 0F:F0:5D:99:50:38:74:73:10:57:9F:F7:75:85:06:4A <- GeoTrust TLS RSA CA G1; serial# 0D:07:78:2A:13:3F:C6:F9:A5:72:96:E1:31:FF:D1:79 Pop3Client.sys.mjs:427:22
Gewysig op
Gekose oplossing
I see so many non standard settings for vikingsword.com that I figure there is a need to revert to fundamentals.
The domain viking sword.com appear to be registered by the following company for an undisclosed individual or organization. Domainpeople Inc Located in: Bentall 5 Address: Bentall 5, 550 Burrard St, Vancouver, BC V6C 3A8, Canada Hours: Open 24 hours Phone: +1 604-639-1680 Province: British Columbia
So I tested the mail server provided https://www.immuniweb.com/ssl/pop.vikingsword.com/SkDpDzvL/
Surprise surprise the server sends no certificates on the 110 port. Not really surprising as 110 is an unencrypted pop port, but as there are no certificates there can be no SSL/TLS/STARTTLS. Your only choice with that server is "connection security none". So your configuration is destined for failure.
Testing the outgoing server yielded a slightly more positive result https://www.immuniweb.com/ssl/smtp.vikingsword.com/6NzOxuPC/ in that the SMTP server is issuing a certificate, but the bad news is it is for DNS:securesmtp.siteprotect.com, DNS:smtp.siteprotect.com I do not know who siteprotect are, but they are not vikingsword.com. You might be able to use this certificate if you add appropriate exceptions in Thunderbird.
So #1 and #4 both need to to reappraise the connection encryption. Unless you provider offers encrypted connections on another port you need to drop it. It is not supported by your provider.
You need to change the outgoing server in your road runner account to the one supported by Spectrum. Ergo
Outgoing mail server (SMTP): mail.twc.com Outgoing server port: 587 Connection Security: STARTLS Authentication Method: Normal Password User name : full email address
Next you need to look at who is providing your internet access. Historically road runner and TWC did not allow you to send mail unless you connected to the internet using their service. Was a royal pain for those popping to Florida for a break, they ended up here complaining their mail was broken, they could not send. It is possible that limitation extends to Spectrum. It is one of the things with legacy items. Nothing is really understood by the provider as they inherited the setup, let alone those trying to interpret their procedures.
Note this part well. A VPN is also going to cause sending where this sort of checking is active as it hides who you are connected to the internet with. That is it's whole purpose. VPN's have their place, but email with US based ISP's is not one of them.
Lees dié antwoord in konteks 👍 0All Replies (13)
Avast describe the problem as "The Mail Shield in Avast uses advanced scanning method for incoming and outgoing e-mails over SSL/TLS secured connections".
The reality is they perform a man in the middle hack of your connection using SSL certificates by making themselves a top level certifying authority. As Thunderbird, like all quality mail clients, maintains it's own certificate store the Avast hack does not work. There are instructions on the Avast site explaining how to make them a trusted certificate authority. If you want to go that route, I'd hope you do have a lot of faith in Avast. https://support.avast.com/en-ww/article/91/#artTitle
Alternatively I'd disable Mail Shield in Avast, or get rid of Avast altogether and stick with Windows Defender. It can't be a good thing to allow them to spy on all your encrypted communication with the mail server.
Thank you. Unfortunately, removing Avast entirely has not corrected the problem:
----removed Avast entirely, rebooted, running naked: pop3.server1.1: SecurityError: a SecurityCertificate error occurred Pop3Client.sys.mjs:380:18 pop3.server1.1: SecurityError info: SSL_ERROR_BAD_CERT_DOMAIN Pop3Client.sys.mjs:422:20 pop3.server1.1: SecurityError cert chain: securepop.siteprotect.com; serial# 0F:F0:5D:99:50:38:74:73:10:57:9F:F7:75:85:06:4A <- GeoTrust TLS RSA CA G1; serial# 0D:07:78:2A:13:3F:C6:F9:A5:72:96:E1:31:FF:D1:79 Pop3Client.sys.mjs:427:22 pop3.server4.3: SecurityError: a SecurityCertificate error occurred Pop3Client.sys.mjs:380:18 pop3.server4.3: SecurityError info: SSL_ERROR_BAD_CERT_DOMAIN Pop3Client.sys.mjs:422:20 pop3.server4.3: SecurityError cert chain: securepop.siteprotect.com; serial# 0F:F0:5D:99:50:38:74:73:10:57:9F:F7:75:85:06:4A <- GeoTrust TLS RSA CA G1; serial# 0D:07:78:2A:13:3F:C6:F9:A5:72:96:E1:31:FF:D1:79 Pop3Client.sys.mjs:427:22
----enabled Windows Defender, rebooted: pop3.server1.1: SecurityError: a SecurityCertificate error occurred Pop3Client.sys.mjs:380:18 pop3.server1.1: SecurityError info: SSL_ERROR_BAD_CERT_DOMAIN Pop3Client.sys.mjs:422:20 pop3.server1.1: SecurityError cert chain: securepop.siteprotect.com; serial# 0F:F0:5D:99:50:38:74:73:10:57:9F:F7:75:85:06:4A <- GeoTrust TLS RSA CA G1; serial# 0D:07:78:2A:13:3F:C6:F9:A5:72:96:E1:31:FF:D1:79 Pop3Client.sys.mjs:427:22 pop3.server4.3: SecurityError: a SecurityCertificate error occurred Pop3Client.sys.mjs:380:18 pop3.server4.3: SecurityError info: SSL_ERROR_BAD_CERT_DOMAIN Pop3Client.sys.mjs:422:20 pop3.server4.3: SecurityError cert chain: securepop.siteprotect.com; serial# 0F:F0:5D:99:50:38:74:73:10:57:9F:F7:75:85:06:4A <- GeoTrust TLS RSA CA G1; serial# 0D:07:78:2A:13:3F:C6:F9:A5:72:96:E1:31:FF:D1:79 Pop3Client.sys.mjs:427:22
So I went to the Avast article linked above and got the bright idea of deleting the named certificate(s) from the list. This shortened the error message list, though the "GeoTrust TLS RSA CA G1" continues to show up in the errors:
----whacked the certificates in TB settings matching GeoTrust TLS RSA CA G1
NotFoundError: No such JSProcessActor 'BrowserToolboxDevToolsProcess'
pop3.server1.12: SecurityError: a SecurityCertificate error occurred Pop3Client.sys.mjs:380:18 pop3.server1.12: SecurityError info: SSL_ERROR_BAD_CERT_DOMAIN Pop3Client.sys.mjs:422:20 pop3.server1.12: SecurityError cert chain: securepop.siteprotect.com; serial# 0F:F0:5D:99:50:38:74:73:10:57:9F:F7:75:85:06:4A <- GeoTrust TLS RSA CA G1; serial# 0D:07:78:2A:13:3F:C6:F9:A5:72:96:E1:31:FF:D1:79 Pop3Client.sys.mjs:427:22
-----Selected "ask me every time" ---> no download, no dialog and these same errors: pop3.server1.13: SecurityError: a SecurityCertificate error occurred Pop3Client.sys.mjs:380:18 pop3.server1.13: SecurityError info: SSL_ERROR_BAD_CERT_DOMAIN Pop3Client.sys.mjs:422:20 pop3.server1.13: SecurityError cert chain: securepop.siteprotect.com; serial# 0F:F0:5D:99:50:38:74:73:10:57:9F:F7:75:85:06:4A <- GeoTrust TLS RSA CA G1; serial# 0D:07:78:2A:13:3F:C6:F9:A5:72:96:E1:31:FF:D1:79 Pop3Client.sys.mjs:427:22
So siteprotect.com is your email provider? From those logs it looks like they do use GeoTrust as their Certificate Authority, which sounds reasonable. Did siteprotect.com recently renew their certificate? Do you still get a certificate exception prompt? If so, please post a screenshot. https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem
Can you also post your Troubleshooting Information please? At the top right of the Thunderbird window, click the menu button ≡, then select Help > More Troubleshooting Information. Press the "Copy text to clipboard button" and paste the information into your reply.
Gewysig op
So, I exported the certificate from the working installation on my tablet PC and imported it into the troubled machine. No change in the error console message and no prompts or test at all when I "Get new mail for."
Here is the requested troubleshooting information:
Application Basics
Name: Thunderbird Version: 128.3.1esr Build ID: 20241009142959 Distribution ID:
Update Channel: esr User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Thunderbird/128.3.1 OS: Windows_NT 10.0 19045 OS Theme:
Launcher Process: Enabled Multiprocess Windows: 0/0 Fission Windows: 0/0 Enabled by default Remote Processes: 1 Enterprise Policies: Inactive Google Location Service Key: Missing Google Safebrowsing Key: Missing Mozilla Location Service Key: Missing Safe Mode: false Memory Size (RAM): 15.9 GB Disk Space Available: 138 GB
Mail and News Accounts account1: INCOMING: account1, , (pop3) pop.vikingsword.com:110, alwaysSTARTTLS, passwordCleartext OUTGOING: , smtp.vikingsword.com:587, alwaysSTARTTLS, passwordEncrypted, true
account2: INCOMING: account2, , (none) Local Folders, 0, passwordCleartext
account3: INCOMING: account3, , (pop3) mail.twc.com:995, SSL, passwordCleartext OUTGOING: , smtp-server.twcny.rr.com:587, 0, 1, true
account4: INCOMING: account4, , (pop3) pop.vikingsword.com:110, alwaysSTARTTLS, passwordCleartext OUTGOING: , smtp.vikingsword.com:587, alwaysSTARTTLS, passwordEncrypted, true
Libraries
Library Status Expected minimum version Version in use Path
RNP (OpenPGP) OK 0.17.1 0.17.1.MZLA.128.3.1esr.botan C:\Program Files (x86)\Mozilla Thunderbird\rnp.dll
OTR Failed to load. OTR chat encryption will not work. - - -
Calendar Settings
Work
Name Value
Name: Type: storage Disabled: Username: URI: Refresh Interval: Read-only: Suppress Alarms: Cache Enabled: false iMIP Identity: id1 iMIP Disabled: iMIP Account: Organizer Id: Force Email Scheduling: Popup Alarms Supported: Alarms on Invitation Supported: Max Alarms Per Event: Attachment Supported: Max Categories: Privacy State Supported: Priority Supported: true Event Supported: Task Supported: Local Time Supported: UTC/GMT Supported: Auto-Scheduling Supported:
Other
Name Value
Name: Type: storage Disabled: false Username: URI: Refresh Interval: Read-only: false Suppress Alarms: false Cache Enabled: false iMIP Identity: id1 iMIP Disabled: iMIP Account: Organizer Id: Force Email Scheduling: Popup Alarms Supported: Alarms on Invitation Supported: Max Alarms Per Event: Attachment Supported: Max Categories: Privacy State Supported: Priority Supported: true Event Supported: Task Supported: Local Time Supported: UTC/GMT Supported: Auto-Scheduling Supported:
Home
Name Value
Name: Type: storage Disabled: Username: URI: Refresh Interval: Read-only: Suppress Alarms: Cache Enabled: iMIP Identity: id1 iMIP Disabled: iMIP Account: Organizer Id: Force Email Scheduling: Popup Alarms Supported: Alarms on Invitation Supported: Max Alarms Per Event: Attachment Supported: Max Categories: Privacy State Supported: Priority Supported: true Event Supported: Task Supported: Local Time Supported: UTC/GMT Supported: Auto-Scheduling Supported:
Play
Name Value
Name: Type: storage Disabled: Username: URI: Refresh Interval: Read-only: Suppress Alarms: Cache Enabled: false iMIP Identity: id1 iMIP Disabled: iMIP Account: Organizer Id: Force Email Scheduling: Popup Alarms Supported: Alarms on Invitation Supported: Max Alarms Per Event: Attachment Supported: Max Categories: Privacy State Supported: Priority Supported: true Event Supported: Task Supported: Local Time Supported: UTC/GMT Supported: Auto-Scheduling Supported:
Medical
Name Value
Name: Type: storage Disabled: Username: URI: Refresh Interval: Read-only: Suppress Alarms: Cache Enabled: false iMIP Identity: id1 iMIP Disabled: iMIP Account: Organizer Id: Force Email Scheduling: Popup Alarms Supported: Alarms on Invitation Supported: Max Alarms Per Event: Attachment Supported: Max Categories: Privacy State Supported: Priority Supported: true Event Supported: Task Supported: Local Time Supported: UTC/GMT Supported: Auto-Scheduling Supported:
Crash Reports for the Last 3 Days
Remote Processes
Type: Count
GPU: 1
Add-ons
Name Type Version Enabled ID
System theme — auto theme 1.3 true default-theme@mozilla.org
Amazon.com extension 1.1 false amazondotcom@search.mozilla.org
Bing extension 1.0 false bing@search.mozilla.org
DuckDuckGo extension 1.0 false ddg@search.mozilla.org
Google extension 1.0 false google@search.mozilla.org
Wikipedia (en) extension 1.0 false wikipedia@search.mozilla.org
Dark theme 1.3 false thunderbird-compact-dark@mozilla.org
Light theme 1.3 false thunderbird-compact-light@mozilla.org
Security Software
Type: Name
Antivirus: Microsoft Defender Antivirus Antispyware: Firewall: Windows Firewall
Legacy User Stylesheets
Active: false Stylesheets: No stylesheets found
and the rest:
Graphics
Features Compositing: WebRender Font Visibility Debug Info: Windows Platform Asynchronous Pan/Zoom: wheel input enabled; scrollbar drag enabled; keyboard enabled; autoscroll enabled; smooth pinch-zoom enabled WebGL 1 Driver WSI Info: outOfProcess: false
inProcess: true EGL_VENDOR: Google Inc. (NVIDIA) EGL_VERSION: 1.5 (ANGLE 2.1.19739 git hash: 419cd2c3213b) EGL_EXTENSIONS: EGL_EXT_create_context_robustness EGL_ANGLE_d3d_share_handle_client_buffer EGL_ANGLE_d3d_texture_client_buffer EGL_ANGLE_surface_d3d_texture_2d_share_handle EGL_ANGLE_query_surface_pointer EGL_ANGLE_window_fixed_size EGL_ANGLE_keyed_mutex EGL_ANGLE_surface_orientation EGL_ANGLE_direct_composition EGL_ANGLE_windows_ui_composition EGL_NV_post_sub_buffer EGL_KHR_create_context EGL_KHR_image EGL_KHR_image_base EGL_KHR_gl_texture_2D_image EGL_KHR_gl_texture_cubemap_image EGL_KHR_gl_renderbuffer_image EGL_KHR_get_all_proc_addresses EGL_KHR_stream EGL_KHR_stream_consumer_gltexture EGL_NV_stream_consumer_gltexture_yuv EGL_ANGLE_stream_producer_d3d_texture EGL_ANGLE_create_context_webgl_compatibility EGL_CHROMIUM_create_context_bind_generates_resource EGL_CHROMIUM_sync_control EGL_EXT_pixel_format_float EGL_KHR_surfaceless_context EGL_ANGLE_display_texture_share_group EGL_ANGLE_display_semaphore_share_group EGL_ANGLE_create_context_client_arrays EGL_ANGLE_program_cache_control EGL_ANGLE_robust_resource_initialization EGL_ANGLE_create_context_extensions_enabled EGL_ANDROID_blob_cache EGL_ANDROID_recordable EGL_ANGLE_image_d3d11_texture EGL_ANGLE_create_context_backwards_compatible EGL_KHR_no_config_context EGL_KHR_create_context_no_error EGL_KHR_reusable_sync EGL_EXTENSIONS(nullptr): EGL_EXT_client_extensions EGL_EXT_device_query EGL_EXT_platform_base EGL_EXT_platform_device EGL_ANGLE_platform_angle EGL_ANGLE_platform_angle_d3d EGL_ANGLE_platform_angle_d3d11on12 EGL_ANGLE_platform_angle_device_id EGL_ANGLE_device_creation EGL_ANGLE_device_creation_d3d11 EGL_ANGLE_experimental_present_path EGL_KHR_client_get_all_proc_addresses EGL_KHR_debug EGL_ANGLE_feature_control
WebGL 1 Driver Renderer: Google Inc. (NVIDIA) -- ANGLE (NVIDIA, NVIDIA GeForce GTX 1050 Ti Direct3D11 vs_5_0 ps_5_0, D3D11-31.0.15.3623) WebGL 1 Driver Version: OpenGL ES 2.0.0 (ANGLE 2.1.19739 git hash: 419cd2c3213b) WebGL 1 Driver Extensions: GL_AMD_performance_monitor GL_ANGLE_base_vertex_base_instance GL_ANGLE_base_vertex_base_instance_shader_builtin GL_ANGLE_client_arrays GL_ANGLE_depth_texture GL_ANGLE_framebuffer_blit GL_ANGLE_framebuffer_multisample GL_ANGLE_get_serialized_context_string GL_ANGLE_get_tex_level_parameter GL_ANGLE_instanced_arrays GL_ANGLE_lossy_etc_decode GL_ANGLE_memory_size GL_ANGLE_multi_draw GL_ANGLE_pack_reverse_row_order GL_ANGLE_program_cache_control GL_ANGLE_provoking_vertex GL_ANGLE_request_extension GL_ANGLE_robust_client_memory GL_ANGLE_texture_compression_dxt3 GL_ANGLE_texture_compression_dxt5 GL_ANGLE_texture_usage GL_ANGLE_translated_shader_source GL_CHROMIUM_bind_generates_resource GL_CHROMIUM_bind_uniform_location GL_CHROMIUM_color_buffer_float_rgb GL_CHROMIUM_color_buffer_float_rgba GL_CHROMIUM_copy_compressed_texture GL_CHROMIUM_copy_texture GL_CHROMIUM_lose_context GL_CHROMIUM_sync_query GL_EXT_EGL_imag
Mail and News Accounts
account1: INCOMING: account1, , (pop3) pop.vikingsword.com:110, alwaysSTARTTLS, passwordCleartext OUTGOING: , smtp.vikingsword.com:587, alwaysSTARTTLS, passwordEncrypted, true
account2: INCOMING: account2, , (none) Local Folders, 0, passwordCleartext
account3: INCOMING: account3, , (pop3) mail.twc.com:995, SSL, passwordCleartext OUTGOING: , smtp-server.twcny.rr.com:587, 0, 1, true
account4: INCOMING: account4, , (pop3) pop.vikingsword.com:110, alwaysSTARTTLS, passwordCleartext OUTGOING: , smtp.vikingsword.com:587, alwaysSTARTTLS, passwordEncrypted, true
The Account Settings show the SMTP servers are using:
'Authentication Method: passwordEncrypted'
Is that correct ? It usually uses 'Normal Password'.
However, you mention one accountis not working but have not said which account is not working.
account3: INCOMING: account3, , (pop3) mail.twc.com:995, SSL, passwordCleartext OUTGOING: , smtp-server.twcny.rr.com:587, 0, 1, true
What comes after the @ in the email address for this account.
https://www.spectrum.net/support/internet/email-settings It says..twcny.rr.com should be using mail.twc.com
these are setting to use. POP
- The incoming mail server: mail.twc.com
- Incoming server port:995
- Connection Security:SSL/TLS
- Authentication Method: Normal Password
- User name : full email address
SMTP
- Outgoing mail server (SMTP): mail.twc.com
- Outgoing server port: 587
- Connection Security: STARTLS
- Authentication Method: Normal Password
- User name : full email address
Thank you.
#1 and #4 are both targeting the same Hostway server (with @vikingsword.com following the username in both instances) and both of these are not working for receiving mail. (#1 was tested and will send mail).
Looking at account server settings from the panel on the left side for both of these accounts (#1 and #4), 'Normal Password' is shown as is STARTLS.
- 3 has @twcny.rr.com following the username. Receiving works but sending on this one has not worked for a long time and went bad sometime after Spectrum took over from Time Warner Road Runner. I tried the settings suggested above, but it still rejects outgoing mail complaining the username is wrong and I am pretty sure this is a Spectrum problem rather than TB.
Gekose oplossing
I see so many non standard settings for vikingsword.com that I figure there is a need to revert to fundamentals.
The domain viking sword.com appear to be registered by the following company for an undisclosed individual or organization. Domainpeople Inc Located in: Bentall 5 Address: Bentall 5, 550 Burrard St, Vancouver, BC V6C 3A8, Canada Hours: Open 24 hours Phone: +1 604-639-1680 Province: British Columbia
So I tested the mail server provided https://www.immuniweb.com/ssl/pop.vikingsword.com/SkDpDzvL/
Surprise surprise the server sends no certificates on the 110 port. Not really surprising as 110 is an unencrypted pop port, but as there are no certificates there can be no SSL/TLS/STARTTLS. Your only choice with that server is "connection security none". So your configuration is destined for failure.
Testing the outgoing server yielded a slightly more positive result https://www.immuniweb.com/ssl/smtp.vikingsword.com/6NzOxuPC/ in that the SMTP server is issuing a certificate, but the bad news is it is for DNS:securesmtp.siteprotect.com, DNS:smtp.siteprotect.com I do not know who siteprotect are, but they are not vikingsword.com. You might be able to use this certificate if you add appropriate exceptions in Thunderbird.
So #1 and #4 both need to to reappraise the connection encryption. Unless you provider offers encrypted connections on another port you need to drop it. It is not supported by your provider.
You need to change the outgoing server in your road runner account to the one supported by Spectrum. Ergo
Outgoing mail server (SMTP): mail.twc.com Outgoing server port: 587 Connection Security: STARTLS Authentication Method: Normal Password User name : full email address
Next you need to look at who is providing your internet access. Historically road runner and TWC did not allow you to send mail unless you connected to the internet using their service. Was a royal pain for those popping to Florida for a break, they ended up here complaining their mail was broken, they could not send. It is possible that limitation extends to Spectrum. It is one of the things with legacy items. Nothing is really understood by the provider as they inherited the setup, let alone those trying to interpret their procedures.
Note this part well. A VPN is also going to cause sending where this sort of checking is active as it hides who you are connected to the internet with. That is it's whole purpose. VPN's have their place, but email with US based ISP's is not one of them.
I sincerely appreciate the community's serious and attentive attempts to help solve my issue. I am away from the afflicted machine today and so I cannot immediately explore those, but I have made an experiment that I could do where I am.
Using those same settings I have successfully used for years on the afflicted machine: 110 port, normal password and STARTLS, I can download the emails from the account on my Windows 10 Microsoft surface tablet PC.
Today, I downloaded TB and made an inaugural install on a Windows 11 machine used mostly for gaming. Exact same settings and the TB download function again works perfectly for this same account.
Which has me wondering if the update might have glitched in some strange way on just my one machine. Should my next step be to secure the profile folder and reinstall TB? Is there a better way to repair a possibly corrupted installation?
Turning off the encryption as suggested by Matt to Connection security: "None" and "Password, transmitted insecurely" allowed download though there were strange flashes of the screen. Why STARTLS works on the other machine, I do not understand. Thank you very much for the assistance.