Bug #17277

Check if the Thunderbird autoconfig wizard trusts the result of DNS requests

Added by intrigeri 4 months ago. Updated 20 days ago.

In Progress
Target version:
Start date:
Due date:
% Done:


Feature Branch:
Type of work:
Affected tool:
Email Client


Our design doc claims that Thunderbird trusts the result of DNS requests and we fix that, but I can't find how we do this.

I think something might have got lost along the way here: we used to have a patch for this, e.g. 3b437622ec44784fafb764071c34988213af2977 in our icedove.git.
We still had it in d9e6ba7978a685ea1a87cbc43e5a6279c6586e22 on the tails/stretch branch in our icedove.git.

We did not have it anymore in 2b0b9e0fd74b3de6841b3ef21a6f89c66f7a1c47, when I imported a patch series refreshed for v60. I think that's why I removed the corresponding pref in 5f2020524066458003022e77a23c8d9af05eb8b6 (#15091): the pref was not used anymore.
I'm wondering if back then, we've imported a patch series that was meant solely to generate patches that upstream might be fine with, but not meant for Tails. This dates back from #15091#note-24 where I had to guess what branch we should import, and I may have guessed wrong.

anonym, could you please check if we still need a patch (and lost it along the way)?

Related issues

Related to Tails - Feature #17259: Update Thunderbird design doc Resolved
Related to Tails - Feature #15091: Upgrade to Thunderbird 60 Resolved 05/09/2018
Related to Tails - Feature #6156: Upstream secure Thunderbird autoconfig wizard In Progress 05/19/2016
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

Associated revisions

Revision d94317d9 (diff)
Added by anonym about 2 months ago

Thunderbird: disable unsafe automatic configuration methods.

While working on refs: #6156 it was forgotten to fix the configuration
in Tails. Oops!

Will-fix: #17277


#1 Updated by intrigeri 4 months ago

#2 Updated by intrigeri 4 months ago

#3 Updated by intrigeri 4 months ago

#4 Updated by intrigeri 4 months ago

  • Related to Feature #6156: Upstream secure Thunderbird autoconfig wizard added

#5 Updated by intrigeri 3 months ago

  • Target version changed from Tails_4.2 to Tails_4.3

#6 Updated by anonym about 2 months ago

  • Status changed from Confirmed to In Progress

#7 Updated by anonym about 2 months ago

  • % Done changed from 0 to 20
  • Feature Branch set to bugfix/17277-disable-exchange-mx-autoconfig
  • Type of work changed from Research to Code

Indeed! That patch was dropped since I noticed that one could just set mailnews.mx_service_url to the empty string and it would have the same effect, without introducing another pref. So we need to do that.

Related, we have not disabled Exchange server lookup, which I added a patch for, so we also need to set mailnews.auto_config.fetchFromExchange.enabled to false. Whoops! :S

Not sure if this will make it into 4.3 at this late hour though..

#8 Updated by anonym about 2 months ago

  • Target version changed from Tails_4.3 to Tails_4.4

#9 Updated by anonym about 1 month ago

This branch is failing on Jenkins. Apparently setting fetchFromExchange.enabled to false breaks the autoconfig wizard (after entering the email address, pressing "Continue" does nothing). I can reproduce this in Debian with 1:68.5.0-1~deb10u1 so I'm pretty sure something with the patch I upstreamed has broken. Looking at the local "test suite" I did for this work, this used to work, so I'm not sure what's going on.

Note to self: the problem origins here:

function fetchConfigFromExchange(domain, emailAddress, username, password,
                                 successCallback, errorCallback) {
  assert(typeof(successCallback) == "function");
  assert(typeof(errorCallback) == "function");
  if (!Services.prefs.getBoolPref(
      "mailnews.auto_config.fetchFromExchange.enabled", true)) {
    errorCallback("Exchange AutoDiscover disabled per user preference");
    return new Abortable();

The errorCallback() is:

        (e, allErrors) => {
          // Must call error callback in any case to stop the discover mode.
          call.errorCallback()(e); // ()(e) is correct
          if (e.code == 401 || allErrors && allErrors.find(e => e.code == 401)) { // Auth failed
            // Ask user for username.

which seems to indeed not match how it's called above. Will look into this deeper at some point.

Note that the DNS pref works, so we could fix that in this ticket/branch, and move the Exchange stuff to a new ticket/branch.

#10 Updated by CyrilBrulebois 20 days ago

  • Target version changed from Tails_4.4 to Tails_4.5

Also available in: Atom PDF