Fix: Thunderbird 78 doesn’t download any messages

After my trusty Lenovo X270 died I’ve set up a fresh copy of Thunderbird on my old MacBook pro. Yet after entering all the correct data I’ve received the a message that username and password could not be verified.

I double checked the login data, they work. It also worked just fine in Mac Mail which isn’t my preferred client for this particular email account.

No information was given as to why the login credentials couldn’t be verified. Not a single configuration worked and I switched to Webmail for weeks as I was too busy to fix the issue.

Debugging the problem

Thunderbird has some debugging options within it’s UI but none of them seem to spit out any log related to the actual connections. The only way I found was to enable logging in the shell like this:

## WARNING: THIS IS BASED ON MAC OS X
## SAME THING WITH LINUX BUT WITH A DIFFERENT BINARY

export MOZ_LOG=IMAP:4
export MOZ_LOG_FILE=~/Desktop/tbimap.log
/Applications/Thunderbird.app/Contents/MacOS/thunderbird-bin

Following the log with tail -f is futile as it only filled after Thunderbird quit. The log message I got looked something like this:

[(null) 13750: IMAP]: D/IMAP ImapThreadMainLoop entering [this=0x12e491800]
[(null) 13750: Main Thread]: I/IMAP 0x12e491800:<SERVER_URL>:NA:SetupWithUrlCallback: clearing IMAP_CONNECTION_IS_OPEN
[(null) 13750: IMAP]: I/IMAP 0x12e491800:<SERVER_URL>:NA:ProcessCurrentURL: entering
[(null) 13750: IMAP]: I/IMAP 0x12e491800:<SERVER_URL>:NA:ProcessCurrentURL:imap://<USERNAME><SERVER_URL>:143/select%3E%5EINBOX:  = currentUrl
[(null) 13750: IMAP]: D/IMAP ReadNextLine [rv=0x0 stream=0x12e741820 nb=113 needmore=0]
[(null) 13750: IMAP]: I/IMAP 0x12e491800:<SERVER_URL>:NA:CreateNewLineFromSocket: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED] wolfsherz Cyrus IMAP4 v2.3.11 server ready
[(null) 13750: IMAP]: D/IMAP SetConnectionStatus(0x0)
[(null) 13750: IMAP]: D/IMAP SetConnectionStatus(0x0)
[(null) 13750: IMAP]: I/IMAP 0x12e491800:<SERVER_URL>:NA:SendData: 1 STARTTLS
[(null) 13750: IMAP]: D/IMAP ReadNextLine [rv=0x0 stream=0x12e741820 nb=32 needmore=0]
[(null) 13750: IMAP]: I/IMAP 0x12e491800:<SERVER_URL>:NA:CreateNewLineFromSocket: 1 OK Begin TLS negotiation now
[(null) 13750: IMAP]: D/IMAP SetConnectionStatus(0x0)
[(null) 13750: IMAP]: I/IMAP 0x12e491800:<SERVER_URL>:NA:SendData: 2 capability
[(null) 13750: IMAP]: D/IMAP ReadNextLine [rv=0x805a2ff7 stream=0x12e741820 nb=0 needmore=1]
[(null) 13750: IMAP]: I/IMAP 0x12e491800:<SERVER_URL>:NA:CreateNewLineFromSocket: clearing IMAP_CONNECTION_IS_OPEN - rv = 805a2ff7
[(null) 13750: IMAP]: I/IMAP 0x12e491800:<SERVER_URL>:NA:TellThreadToDie: close socket connection
[(null) 13750: IMAP]: I/IMAP 0x12e491800:<SERVER_URL>:NA:CreateNewLineFromSocket: (null)
[(null) 13750: IMAP]: D/IMAP SetConnectionStatus(0x805a2ff7)
[(null) 13750: IMAP]: D/IMAP URL failed with code 0x805a2ff7 (imap://<USERNAME><SERVER_URL>:143/select%3E%5EINBOX)
[(null) 13750: IMAP]: I/IMAP 0x12e491800:<SERVER_URL>:NA:ProcessCurrentURL: aborting queued urls
[(null) 13750: IMAP]: D/IMAP ImapThreadMainLoop leaving [this=0x12e491800]

The only real clue I got from this is:

[(null) 13750: IMAP]: D/IMAP URL failed with code 0x805a2ff7 (imap://<USERNAME><SERVER_URL>:143/select%3E%5EINBOX)

It lead me to this bug report which shed some light onto the problem.

Fixing the problem

Thunderbird >=78 requires TLS1.2 by default. Nothing wrong with that. Until you end up with an account outside your control that doesn’t seem to support this protocol yet. To fix the issue on the client side it’s necessary to downgrade this security requirement, at least until you manage to make your mail server admin upgrading to TLS 1.2.

Enter the Thunderbird config editor through Thunderbird -> Preferences -> General -> Config Editor ... (It’s all the way down on the General page). Accept the risk and look for the following value:

security.tls.version.min

Mine was set to 3. Change the value to 1 and close the window. Maybe even restart Thunderbird.

Thunderbird is now able to use the less secure TLS 1.0. Not ideal but at least the connection issues have been fixed for now.