Opened 5 years ago

Closed 4 years ago

#6310 closed task (wontfix)

TorBirdy warns about a possible unsafe connection over Port 143, when using STARTTLS

Reported by: janssen
Owned by: ioerror
Priority: Medium
Component: Applications/TorBirdy
Keywords: starttls 143 port imap
Cc: sukhbir.in@…

Description

Version: TorBirdy 0.0.7
OS: Fedora 16 - 3.4.2-1.fc16.x86_64 #1 SMP Thu Jun 14 20:17:26 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
Thunderbird: 13.0

When starting Thunderbird, TorBirdy notifies you that Thunderbird may connect to a mail server over the probably unencrypted port 143 (normally IMAP), even if Thunderbird connects over STARTTLS.

Can't you check if there is STARTTLS, and just ask if there is no STARTTLS or SSL activated? Would be nice if that would work, don't mind if not...

Change History (6)

comment:1 Changed 5 years ago by ioerror

Does TorBirdy give you this error or does Vidalia?

comment:2 Changed 5 years ago by ioerror

Status: new → needs_information

comment:3 in reply to:  description Changed 5 years ago by sukhbir

Cc: sukhbir.in@… added

Replying to janssen:

> Can't you check if there is STARTTLS, and just ask if there is no STARTTLS or SSL activated? Would be nice if that would work, don't mind if not...

Yes, this is possible if you configured your account manually using an earlier version of TorBirdy, because we were not enabling any connection security for manually configured accounts.

This has been fixed in the latest release (0.0.10). I think you won't have this issue now, so please try and let us know.

comment:4 Changed 5 years ago by sukhbir

Resolution: fixed
Status: needs_information → closed

Vidalia gives this warning when running an earlier version of TorBirdy where manually configured accounts did not have any connection security enabled (by default). In the latest version of TorBirdy, we are forcing SSL and therefore this warning should not be there.

Marking this as fixed.

comment:5 Changed 4 years ago by harrincourt

Resolution: fixed
Status: closed → reopened

I received the same message regarding unsafe (unencrypted) connection over port 143 (STARTTLS). I did manually change the settings, as the mail account did not work with POP.

Using TorBirdy 0.1.2, Thunderbird 24.1.0, Fedora 19 and an openmailbox.org mail account.

comment:6 in reply to:  5 Changed 4 years ago by sukhbir

Resolution: wontfix
Status: reopened → closed

Replying to harrincourt:

> I received the same message regarding unsafe (unencrypted) connection over port 143 (STARTTLS). I did manually change the settings, as the mail account did not work with POP.

Yes, this is expected. Port 143 is for plain IMAP and you should not be using that over Tor since you can leak your password and/or emails at the exit node. Please see this for more information: https://www.eff.org/pages/tor-and-https. To prevent this, TorBirdy enforces IMAP over SSL/TLS for all existing and new accounts (port 993) and you should not change this setting.

> Using TorBirdy 0.1.2, Thunderbird 24.1.0, Fedora 19 and an openmailbox.org mail account.

You should ask openmailbox.org if they support SSL for their IMAP/POP/SMTP accounts. If they do not, I don't recommend that you use Tor with this account and you should change your password just to be sure.

Find an email provider that supports SSL; most of them do these days. Then revert the settings back to their default (uninstall and reinstall TorBirdy) and then use the new account with SSL support.
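
An added example, not TorBirdy's code and not part of the ticket: a Node.js check that reads Thunderbird `prefs.js` content and reports each IMAP/POP account's connection security, so STARTTLS on port 143 can be told apart from plain port 143 and from SSL/TLS on port 993. The `socketType` numbering is assumed to follow Thunderbird's (0 plain, 1 STARTTLS if available, 2 STARTTLS, 3 SSL/TLS); the sample prefs and hostnames are constructed.

```javascript
// Added example: audit mail.server.* prefs for connection security.
// Assumption: socketType values follow Thunderbird's numbering.
const VERDICTS = { 0: "cleartext", 1: "opportunistic", 2: "starttls", 3: "implicit-tls" };

// Constructed sample prefs.js content (hostnames are placeholders).
const SAMPLE_PREFS = `
user_pref("mail.server.server1.type", "imap");
user_pref("mail.server.server1.hostname", "imap.example.org");
user_pref("mail.server.server1.port", 143);
user_pref("mail.server.server1.socketType", 2);
user_pref("mail.server.server2.type", "imap");
user_pref("mail.server.server2.hostname", "mail.example.net");
user_pref("mail.server.server2.port", 993);
user_pref("mail.server.server2.socketType", 3);
user_pref("mail.server.server3.type", "pop3");
user_pref("mail.server.server3.hostname", "pop.example.com");
user_pref("mail.server.server4.type", "none");
user_pref("mail.server.server4.hostname", "Local Folders");
`;

// Collect mail.server.serverN.<field> prefs into one object per server.
function parseServers(prefsText) {
  const servers = {};
  const re = /^user_pref\("mail\.server\.(server\d+)\.(\w+)",\s*(.+)\);\s*$/gm;
  for (const [, key, field, raw] of prefsText.matchAll(re)) {
    let value;
    try { value = JSON.parse(raw); } catch { continue; } // skip non-literal values
    servers[key] = servers[key] || {};
    servers[key][field] = value;
  }
  return servers;
}

// Report connection security for every remote IMAP/POP account.
function auditServers(prefsText) {
  const findings = [];
  for (const [key, s] of Object.entries(parseServers(prefsText))) {
    if (!["imap", "pop3"].includes(s.type)) continue; // skip local folders, feeds, news
    // Assumption: an absent socketType pref means no connection security.
    const socketType = "socketType" in s ? s.socketType : 0;
    findings.push({
      key, host: s.hostname,
      port: "port" in s ? s.port : null, // null: pref unset, client default applies
      verdict: VERDICTS[socketType] || "unknown",
      implicitTls: socketType === 3,
    });
  }
  return findings;
}

console.log(auditServers(SAMPLE_PREFS));
```

Only accounts reported as `implicit-tls` match the SSL/TLS setting described in the reply above; a `starttls` account on port 143 is the case the original report asks about.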
