Configuring Mozilla Thunderbird for IMAPS+TLS
appropriateness
These directions and screenshots are for Thunderbird 1.0.7.
These directions are to be followed verbatim only by users who have a mailbox on my server and are authorized to relay through my server. This is relatively rare. Please substitute your own settings when appropriate. For example, if you're only relaying, then use your ISP's (or other mail service provider's) POP3/IMAP information. Or, if you are not authorized to relay through my server, use your ISP's (or other mail service provider's) SMTP hostname, port, username, etc.
These directions assume that you just installed Thunderbird into a fresh profile, so there are no existing settings.
initial configuration
Fire up Thunderbird, and follow these directions step by step. Each list item describes a separate screen.
- Select "Don't import anything." (screenshot)
- Select "Email account". (screenshot)
- Enter your name and your email address. Be sure to enter your full address, not just your Unix username. (screenshot)
- Select IMAP and enter "mail.qnan.org" for both servers. (screenshot)
- Enter your email address, same as in step 3. (screenshot)
- Enter any arbitrary name that will help you to uniquely identify the account. (screenshot)
- Review your information, then click "Finish". (screenshot) At this point Thunderbird will attempt to connect to the server, but will be unable to, and will just sit there looking busy. Despite the hourglass, continue with the directions.
- Go to Edit -> Account Settings. (screenshot)
- Select "Server Settings" from the list on the left, and check "Use secure connection (SSL)". The port will automatically change from 143 to 993. (screenshot) At this point Thunderbird is still looking busy.
- Select "Outgoing Server (SMTP)" from the list on the left, uncheck "Use name and password", and select "TLS" under "Use secure connection". (screenshot)
Good. At this point exit Thunderbird.
Thunderbird knows enough to connect to the server and retrieve your messages. There are still two problems: your Thunderbird does not yet trust my security certificates, and it is not yet aware of your client certificate (if any).
certificates
First, go to http://www.qnan.org/ssl/ and download the certificate file to your hard drive, then begin following these directions in Thunderbird. If you are authorized to relay through my server, you should also have your client certificate that you received from me available on your hard drive.
Once both files (certificate authority and client certificates) are in a known location on your hard drive, close your browser and re-open Thunderbird. Click "Cancel" on the pop-up window that appears titled "Web Site Certified by an Unknown Authority". We are not ready yet to connect to anything.
- Go to Edit -> Preferences (screenshot)
- Click "Advanced" in the list on the left, and expand the "Certificates" category. (screenshot)
- Click "Manage Certificates...", then the "Authorities" tab. (screenshot)
- Click "Import", and find and select the file that you downloaded right before following these directions. (screenshot)
- Check all three checkboxes. (screenshot)
- You should see my name as the first listed certificate. (screenshot) If you are not relaying through my server, you are finished. Go past the end of this list.
- Switch to the "Your Certificates" tab, which should show an empty list. (screenshot)
- Import your client certificate in a similar manner:
  - Find and select the client certificate file that I emailed you and you saved to your hard drive.
  - Thunderbird will ask you to set a Master Password, which is a feature of Mozilla/Firefox/Thunderbird to keep your certificates secure. Set any password you want. You will need it anytime your certificate is required.
  - Thunderbird will ask you for your certificate's password. Enter the password that I emailed you along with your client certificate.
- If all went well, you should see a pop-up message that states, "Successfully restored your security certificate(s) and private key(s)." (screenshot) If you instead get a failure message, exit and rerun Thunderbird, and try to import your client certificate again.
- Now the list of "Your Certificates" should contain your certificate. (screenshot)
You may now delete the certificate authority file from your hard drive, and move your client certificate to a safe place. Do not lose the client certificate.
As the last step, completely exit Thunderbird. This will put all your new settings into effect.
You are finished. Everything should work. If something went wrong, please don't hesitate to contact me.
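The same trust and transport settings can be checked outside Thunderbird. The script below is an added example, not part of the original directions: it trusts only the imported authority, optionally presents the client certificate, and tests both IMAPS on 993 and SMTP with STARTTLS. The file names, the PEM format of both files and the SMTP port are assumptions; the page does not state them.

```python
import imaplib
import smtplib
import ssl

HOST = "mail.qnan.org"   # server name from the directions above
IMAPS_PORT = 993         # implicit TLS, as set by "Use secure connection (SSL)"
SMTP_PORT = 25           # assumption: the directions do not give the SMTP port


def build_context(ca_file=None, client_pem=None, key_password=None):
    """TLS client context that trusts nothing except the imported authority."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # mirrors the "Authorities" import
    if client_pem:
        # mirrors the "Your Certificates" import; assumes a PEM copy of the file
        ctx.load_cert_chain(client_pem, password=key_password)
    return ctx


def check_imaps(ctx, host=HOST, port=IMAPS_PORT):
    """Connect with TLS from the first byte and return the server greeting."""
    conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
    try:
        return conn.welcome
    finally:
        conn.shutdown()  # close the socket without logging in


def check_smtp_starttls(ctx, host=HOST, port=SMTP_PORT):
    """Upgrade a plain SMTP session with STARTTLS; stop if it is not offered."""
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server did not offer STARTTLS")
        smtp.starttls(context=ctx)  # raises ssl.SSLError if the chain is untrusted
        smtp.ehlo()
        return smtp.sock.version()  # negotiated protocol, e.g. "TLSv1.3"


if __name__ == "__main__":
    # Hypothetical file names: the downloaded authority file and a PEM copy
    # of the client certificate.
    context = build_context("qnan-ca.pem", "client.pem")
    print(check_imaps(context))
    print(check_smtp_starttls(context))
```

Without the authority file loaded, both checks fail certificate verification, which is the same condition Thunderbird reports as "Web Site Certified by an Unknown Authority".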