Icedove can't send mails through Riseup's and Boum's SMTP
sending mails from icedove, with Tails 2.0 beta, using riseup.net or boum.org smtp doesn’t work every time. the client side error say almost nothing (just that the sending failed). claws mail seems not to be affected. it may be a SSL error.
steps to reproduce :
configure icedove to connect the SMTP server with STARTTLS or SSL/TLS port 587 or 465
icedove connect to the server, then, most of the time, an error message popup saying that the sending failed for unknown reason.
#3 Updated by goupille 2016-01-15 21:33:00
I just tried using startTLS, port 465 and boum.org, and the sending failed again. changing circuit sometimes make it possible to send emails, but sometime it is not sufficient. I don’t understand why it would work or not, I don’t think that it is “just” a blacklisted exit node.
there are at least three users affected by that issue so I think it is confirmed.
#5 Updated by goupille 2016-01-16 11:08:19
this is the error showing up in the console when sending a mail fails (Tails 2.0~rc1):
Horodatage : 16/01/2016 11:02:34 Erreur : NS_ERROR_UNEXPECTED: Component returned failure code: 0x8000ffff (NS_ERROR_UNEXPECTED) [nsIMsgMailNewsUrl.server] Fichier Source : resource:///modules/activity/alertHook.js Ligne : 48
#9 Updated by Anonymous 2016-01-20 12:19:19
There seem to be bug reports related to this and everytime it turns out that either the firewall would block the corresponding ports (that would probably not be the case in Tails, as we only send over Tor), or the provider would block ports or not resolve DNS correctly (that could be the case for some exit nodes).
#15 Updated by goupille 2016-05-31 16:28:36
- Assignee deleted (
there is a bunch of
Horodatage : 31/05/2016 16:22:49 Erreur : TypeError: Enigmail.msg.addressOnChange(...) is undefined Fichier Source : chrome://messenger/content/messengercompose/messengercompose.xul Ligne : 1
when I compose a new mail, but nothing more when I try to send it…
#17 Updated by anonym 2016-06-06 08:09:37
- Target version set to Tails_2.5
I can confirm that this is a problem with icedove 38.8.0-1~deb8u1+tails3 (which has the “secure autoconfig” patches apploed) that we intend to ship in Tails 2.4 — the autoconfig will resultin SSL for the SMTP configuration, which produces in this error. Switching to StartTLS fixes it.
My patches shouldn’t do anything after the configuration is done, so this could be an upstream problem. I tried to reproduce in Tails 2.3 which has icedove 38.7.0, but I couldn’t, so it might be a regression in icedove 38.8.0. Any way, we should do some testing of 38.8.0 without my patches, and with and without TorBirdy, etc, to pinpoint this.
Any way, in Tails 2.4 there is a workaround: if you get the error, just click “Ok” and try to send again and then it works. I’m adding that to the known issues section.
#18 Updated by goupille 2016-06-06 13:49:24
we never find out why this happened in Tails 2.0~rc1… in my case, the issue was resolved after upgrading to 2.0. were those patches involved at that time ? could it be related to the “rc status” of those releases (it’s the only two I had tested) ?
your workaround does not work for me, I did not find anything else than storing my mails in a “send later” queue and try to send them from time to time… some times it works for a few minutes every other hour, some times I spend days waiting for it…
#20 Updated by anonym 2016-06-07 06:37:32
I do consistently see the error when trying to use Riseup’s SMTP onion service,
zsolxunfmbfuq7wf.onion, both with SSL and STARTTLS. In the error console I see:
Timestamp: 06/07/2016 01:24:28 PM Error: zsolxunfmbfuq7wf.onion:587 uses an invalid security certificate. The certificate is only valid for the following names: *.riseup.net, riseup.net
Again, clearnet works completely without error for me, again, despite trying 5 emails (restarting icedove in between + forcing a new tor circuit).
#22 Updated by anonym 2016-06-08 16:31:25
> I upgraded to 2.4 and tried to send a mail with boum.org stmp, using STARTTLS (port 587)
> the first sending failed, the second and the third worked.
> I restarted icedove, tried again, and got four failed sending in a row…
The random nature of the error suggests it’s related to the connection (i.e. circuit quality, bad exits) but let’s not rule anything out. Can you please try to reproduce this error with Debian’s current
icedove package in Jessie:
sudo apt update sudo apt install icedove/jessie
Make sure you still use STARTTLS or SSL. Do you still get the error then?
#23 Updated by goupille 2016-06-09 05:09:19
on a Tails 2.4 (in a VM), with a riseup account, STARTTLS or SSL and the Icedove shipped with Tails I reproduced the error. I rebooted the VM, installed icedove/jessie, configured it with STARTTLS and could send 5 mails in 15 minutes without any errors. it works also with SSL with no errors.
#24 Updated by anonym 2016-06-14 11:32:10
- Status changed from Confirmed to In Progress
Can you try to reproduce with an image from here: http://nightly.tails.boum.org/build_Tails_ISO_stable/lastSuccessful/archive/build-artifacts/
Actually, right now the image there will not work because the one I have hopes for is still building. Just make sure the time stamp is after “14-Jun-2016 08:06”. And then make sure that the Icedove installed is 45.1.0.
So my theory is that you are experiencing Icedove being terrible at handling SSL certificates, or some edge case around there. Exactly why it affects you so much I do not know. Any way, my experience is that icedove 45.1.0 handles these situations better (at least when using e.g. RiseUp’s
.onion, which isn’t mentioned in the cert) and hopefully it will solve your problems.
Also, are you using the icedove persistence option? If so, did you ever try setting up your account from scratch again? I’d recommend that if you still have issues.
#26 Updated by segfault 2016-06-15 09:36:47
I just upgraded to 2.4 and now I am experiencing this issue too. I also see this same error message in the error console, but only with STARTTLS:
> Timestamp: 06/07/2016 01:24:28 PM
> Error: zsolxunfmbfuq7wf.onion:587 uses an invalid security certificate.
> The certificate is only valid for the following names:
> *.riseup.net, riseup.net
With SSL/TLS, the sending still fails but without error message in the console.
My workaround is using smtp.riseup.net until we find a fix for this.
#27 Updated by segfault 2016-06-15 12:27:23
I just got this “The message could not be sent using Outgoing server (SMTP) mail.riseup.net for an unknown reason.” message with the smtp.riseup.net and mail.riseup.net servers. I tried both SSL/TLS and STARTSSL. It didn’t log to the error console. Repeatedly trying to send it always failed. According to onioncircuits, the connection to mail.riseup.net:587 was build up successfully and then closed. Only when I restarted Tor to enforce of a new circuit, it worked.
#28 Updated by micah 2016-06-22 14:03:50
I’m going to guess that the problem has to do with more strict libraries when it comes to tls related connections causing what used to not be a problem to start being a problem.
Maybe what we need to do at riseup is to setup non-encrypted ports that are only available for onion addresses, in the same way that we setup unencrypted http for onion traffic. That way the cert warning will go away, and probably will make this problem go away?
#31 Updated by anonym 2016-06-24 05:20:47
> actually, I tested it again today with a boum.org account and it doesn’t work (no error with riseup, so far)…
Would you still say that the ISO I pointed to works better than in Tails 2.4 and older?
Can you please post the exact configuration you use?
Do you remember if you ever had to accept a (supposedly) invalid SSL certificate?
Next time you have issues, can you please try:
- shutdown icedove
- force Tor to use new circuits (this is easiest done withe Tor Button’s “New Identity” feature in Tor Browser)
- start icedove and try again
- on failure repeat above steps a couple more times and see if things improve
Really, if not too inconvenient, can you wipe your persistent
~/.icedove and set it up again from scratch?
#32 Updated by goupille 2016-06-24 09:32:25
> Would you still say that the ISO I pointed to works better than in Tails 2.4 and older?
yes, it seems to work better : I testing again with boum and riseup since almost one hour and couldn’t reproduce the error…
> Can you please post the exact configuration you use?
like during all the tests I made, I started the iso in a VM, without persistence. I accepted the default configuration Icedove proposed me, so IMAP and SSL for riseup and IMAP and STARTTLS for boum.
> Do you remember if you ever had to accept a (supposedly) invalid SSL certificate?
I was never asked to accept or not a certificate
> Next time you have issues, can you please try:
> # shutdown icedove
> # force Tor to use new circuits (this is easiest done withe Tor Button’s “New Identity” feature in Tor Browser)
> # start icedove and try again
> # on failure repeat above steps a couple more times and see if things improve
I do that from time to time, sometimes it works some times not, so I never saw it as a workaround…
> Really, if not too inconvenient, can you wipe your persistent
~/.icedove and set it up again from scratch?
I would prefer to avoid that
#34 Updated by Kurtis 2016-07-04 23:50:10
It seems like this riseup smtp issue is getting worse as time goes on. I email a lot and my frequency of an unknown error coming up when i try to use mail.riseup.net as my SMTP server in IceDove is going way up and I regularly toggle between STARTTLS and TLS. I pretty much can’t use my main email provider with my main email client anymore, and I have to use the web client instead. Is there anyone that can confirm that http://yfm6sdhnfbulplsw.onion/code/issues/11530 will fix this issue in the next release? Is there an iso I can download with this fixed before the August Tails release comes around?
#36 Updated by bertagaz 2016-07-05 05:38:37
> Kurtis wrote:
> > Can anyone confirm that http://yfm6sdhnfbulplsw.onion/code/issues/11530 fixes this issue?
> you could try the testing iso provided by anonym (comment 24) and see if it corrects the issue for you, then report back here…
I tested with an ISO build on stable with Icedove 1:45.1.0-1~deb8u1+tails1 (so the same than the proposed ISO in comment 24 mostly) and confirm it works better now. Sending emails from riseup doesn’t seem to be an issue anymore with this ISO. \o/
#37 Updated by intrigeri 2016-07-13 11:55:36
- Priority changed from Normal to Elevated
Bumping priority as this affects people (including our frontdesk) enough to make them complain repeatedly and loudly enough to be a little stressful for me. They’re nice people, so it must be that the problem is indeed really annoying to them :)
anonym, u: can you please clarify what info / test results you need at this point? Are goupille’s and bertagaz’ replies enough, or do you need more answers to the same questions? Or to new/updated questions?
Also, if there’s a not-too-bad workaround available, that could be documented here, it seems that this would make a number of people much happier :)
#41 Updated by Anonymous 2016-07-15 03:15:50
> I had also problems with riseup and Icedove, and it’s now fixed by updating icedove :
> (I’m using SMTP with the default configuration, except the SMTP server that I changed to “mail.riseup.net”)
FYI, the Icedove from Debian does not have the SSL patches we ship in Tails. In case you’ve already set up your account, this should not have much impact and traffic should still go through Tor, at the correctly preconfigured port.
#43 Updated by intrigeri 2016-07-21 06:34:52
OK, thanks everyone for testing Icedove 45.1 from Debian Jessie. I’m glad it seems to fix the problem for you! But we still need more info: please also test our modified Icedove 45.1 (that’s available in any recent nightly built ISO image, such as http://nightly.tails.boum.org/build_Tails_ISO_stable/lastSuccessful/archive/build-artifacts/) and report back if it fixes the problem as well. Then we’ll know is this problem is already fixed for 2.5, or if more work is needed. Thanks in advance!
#46 Updated by intrigeri 2016-07-23 05:41:22
- Assignee changed from intrigeri to goupille
My current best understanding is that 1:45.1.0-1~deb8u1+tails1 works with Riseup.
What I’d like to know now is: does the nightly build ISO, that has an updated Icedove (45.1.0-1~deb8u1+tails2), work with boum.org? Reassigning to the bug submitter.
#47 Updated by goupille 2016-07-24 04:20:48
- Assignee changed from goupille to intrigeri
> What I’d like to know now is: does the nightly build ISO, that has an updated Icedove (45.1.0-1~deb8u1+tails2), work with boum.org?
I tested again with the latest nightly build ISO, I couldn’t reproduce the error with boum (i.e. it works)
maybe there was a connection issue during my first tests (I had a really bad connection at that time)