0

Suddenly today (Linux, PopOS 20.10, TB 78.7.1(64-bit)), I can't send mail via my ISP using Thunderbird. At first an email was rejected, saying the certificate was invalid. Viewing the certificate details, I saw the certificate had dates in the future (start on 5th Oct, end on 6th November), and as well it referred to my ISP's updated domain name: optusnet had replaced optushome quite a few years ago. screen grab of problematic certificate Guessing that perhaps I needed to change the mail server name from optushome to optusnet, the situation became far worse for me after I tried to do so, which failed dismally, and I then changed it back to optushome. Now I get:

"Sending of the message failed. Unable to communicate securely with peer: requested domain name does not match the server’s certificate. The configuration related to mail.optushome.com.au must be corrected."

Since I can't find the server's certificate, TB has tied my hands nicely. I also belatedly guessed that the dates on the certificates might be presented in US style (M/D/YYYY) rather than Australian style (DD/MM/YYYY or YYYY/MM/DD), since today is 13th May 2021. But now I can't even get TB to check for a certificate.

If I get to the Add Security Exception popup, Get Certificate fails for mail.optushome.com.au:25 and for mail.optusnet.com.au:25 . In either case, TB says just:

"No Information Available Unable to obtain identification status for this site."

If I try "optushome.com.au" the Get Certificate says "Checking Information / Attempting to identify this site..." and several minutes pass before failing with the "No Information Available" result.

I think the key parts of the problem are that 1) TB offers no way to find the certificate(s), and 2) offers no hints about HOW to correct the configuration.

In desperation I tried "Confirming Security Exception", and now if I click Send the mail appears to be sent, then it warns me it has failed to save a local copy in my sent folder, and then shortly after I see a notification of failure to connect to mail.optushome.com.au (and the mail doesn't appear to be sent).

However, now I can't get to the Add Security Exception popup, because TB thinks it has sent the email, I suppose.

I also tried https://support.mozilla.org/en-US/questions/1083282, but that made zero difference, and I have now unset the new string. (There seems to be no way to delete it.)

Improve this question
4
  • This is a problem on your ISPs end. Consider using webmail if it's available.
    – gronostaj
    Commented May 13, 2021 at 8:35
  • "(start on 5th Oct, end on 6th November)" - the date format shown is likely MM/DD/YYYY, i.e. starting May 10, 2021 and ending June 11, 2022.
    – Steffen Ullrich
    Commented May 13, 2021 at 8:42
  • Having retrieved the certificate using openssl, I can confirm that it is valid (“Not Before: May 10 00:00:00 2021 GMT”). // Are you perhaps still using the old host names in your Thunderbird configuration? You have to use the new host names.
    – Daniel B
    Commented May 13, 2021 at 8:42
  • Since it's working again with no interaction with my ISP, I don't think it was a problem on the ISP's end. TB's use of the wrong date format for the locale added to the confusion. I am still using the old domain names, as I have been for all the years since it changed, and have not changed them, and it's working again now. I think something prompted TB to report a problem as an invalid certificate - my guess is that error message was wrong. Perhaps there had been some other transient failure at the ISP, or at my end? After Confirming Security Exception and undoing wrong changes, all ok.
    – LukeJKendall
    Commented May 13, 2021 at 10:41

1 Answer 1

Reset to default
1

mail.optushome.com.au is actually an alias for mail.optusnet.com.au:

$ dig mail.optushome.com.au
...
mail.optushome.com.au.  460     IN      CNAME   mail.optusnet.com.au.
mail.optusnet.com.au.   7060    IN      A       211.29.132.250

Using mail.optusnet.com.au instead of mail.optushome.com.au should fix your problem since the certificate is valid for the first name but not the second.

And this seems to be actually the recommended setting anyway based on this support site from Optus or this external site.

Improve this answer
7
  • That makes sense, thank you. But how do I use that? I can't find a place to set it to be mail.optusnet.com.au BTW, by changing the SMTP port from 587 to 25 I'm able to send and receive email again, after providing my password again when asked. (When I tried 587 I got the error message: An error occurred while sending mail: The mail server sent an incorrect greeting: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Hello there..
    – LukeJKendall
    Commented May 13, 2021 at 9:04
  • The fact that I can send and receive email once again, without making a change to the certificate (as far as I can tell!), seems extremely interesting. Why was TB previously refusing to send the emails, and identifying the certificate as the problem, if it's now accepting it? I should also note that on two separate occasions when I tried changing the server name from optushome.com.au to optusnet.com.au, with a Send window open, TB locked up, going to 100% CPU (unable to redraw the Send window if I moved it), no menus or buttons responsive, and I had to kill TB.
    – LukeJKendall
    Commented May 13, 2021 at 9:10
  • 1
    "I can't find a place to set it to be mail.optusnet.com.au " - If you have found the place to change the port number you also have the place to change the server to connect to. "When I tried 587 ..." - I cannot access port 587 from outside. But the response here is from an IMAP server. Are you sure you've used 587 and not 993 here?
    – Steffen Ullrich
    Commented May 13, 2021 at 9:10
  • Yes, 100% sure I tried 587 and had the problem. I looked up a network reference. I saw 993 was an option (encrypted), but the failure message for 587 made me revert to port 25 after using telnet to make sure it wasn't blocked. 100% sure I used 587: I double-checked it. Thanks also for confirming that: (Account name) / Server Settings / Server Name: / is the place where you configure the server. The certificates are still a mystery to me, especially how to see them, and why optushome.com.au once more is causing no objection from TB. Unless my Confirm Exception retrospectively worked?!
    – LukeJKendall
    Commented May 13, 2021 at 9:31
  • 1
    @LukeJKendall: "and why optushome.com.au once more is causing no objection from TB. Unless my Confirm Exception retrospectively worked?! " - likely.
    – Steffen Ullrich
    Commented May 13, 2021 at 10:12

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .