The new AT&T security update requirement does not include Thunderbird . Will Thunderbird email be affected on Dec 31, 2014?
AT&T is issuing notifications to the effect that, unless email security settings are updated by Dec 31, 2014, email will no longer accessible. Thunderbird is not among the options offered on the AT&T site for updating the settings.
Vahaolana nofidina
Ok, so the combination of "plain" with "passwordCleartext" is the part where settings are insecure (basically, your username and password are sent in clear text across the wire, thus anybody eavesdropping on the line could read it and log in as you, reading your messages, and sending messages in your name).
From your list, it seems that at least the bellsouth.com account is maintained by AT&T, but you can start with the account for which you received that warning. Click on the [≡] toolbar button, then "Options>" on the arrow part to open the submenu, then "Account Settings". You should see an entry in bold for each of your accounts with a couple of pages underneath, and an "Outgoing Server (SMTP)" item at the very end.
For the account you need to change, go into the "Server Settings" tab. According to the KB article, the "Server Name" should be inbound.att.net and the "User Name" your full @bellsouth.com address. Underneath there is a group "Security Settings" where you change "None" to "SSL/TLS"; this should also switch "Port" (two rows above this setting) from "110" to "995" which is what you want.
Next, open the "Outgoing Server (SMTP)" tab and highlight the server which seems to be associated with your bellsouth.com/AT&T account. Same procedure here, "Server Name" should be outbound.att.net and "Connection Security" set to "SSL/TLS"; if "Port" doesn't switch from 25 to 465 automatically, make that change manually. Again, the "User Name" field should have your full @bellsouth.com address.
Hope this works as advertised.
Hamaky an'ity valiny ity @ sehatra 👍 1All Replies (8)
So what are they changing? Thunderbird supports TLS and SSL; what more do they demand of you? Can you copy one of these notifications here?
Yes... Here is the text of the 'Alert':
Dear AT&T Internet Service Customer,
Our records indicate that you are not using the most current secure settings in your email application. If you use an email application such as Microsoft® Outlook® or Apple® Mail to send or receive email, you will need to update your email settings by Dec. 31, 2014 in order to continue accessing your email through your email application. (If you currently access your email via webmail and the att.net homepage, you do not need to take any action.)
How Do I Update my Email Settings?
You can update your email settings easily online at the AT&T Support site.
You can automatically update your email settings by going to www.att.com/updatesettings and click the link to launch the AT&T Email Updater. This will detect any settings that need to be updated and will update automatically. OR You can manually update your email settings at www.att.com/esupport/article.jsp?sid=KB401568
If needed, additional support is available at https://home.secureapp.att.net/mailupdatesupport.
We suggest that you take action as soon as possible. Remember, you must update your email settings by Dec. 31, 2014 to continue using your email application to access your email.
http://www.att.com/esupport/article.jsp?sid=KB401568 holds the key but needs specifics, e.g., which type of service you are receiving from AT&T. Thus, please go there from your connection (which apparently is needed as well) and select your service, then pick the instructions for your e-mail domain (i.e., the part of your e-mail address after the '@' character) and let us know what they say.
There should be instructions for "POP" and possibly "IMAP" with each containing a server name xyz.att.com and a port number (110, 143, 465, 587, 993, 995, depending on the protocol). Another parameter is whether the user name is just the part in front of the '@' or your whole e-mail address, but as there are only two options, that's easy to figure out by just trying.
This page: http://www.att.com/esupport/article.jsp?sid=KB401570&cv=801&br=BR&ct=9000142&pv=3 shows that they expect you to use ports usually associated with SSL or TLS secured connections.
One way to help us to help you is to post your settings here.
Help|Troubleshooting Information
Clear the "include account name" checkbox Click the "copy text to clipboard" button Paste (ctrl+v) into your next posting.
Delete anything you aren't happy with sharing, and you can delete the reams of stuff about your fonts. But we DO need to see the server names and ports and security options.
Here is the text, sans fonts, printers. Let me know if I deleted too much...
Application Basics
Name: Thunderbird Version: 24.6.0 User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 Profile Folder: Show Folder
(Local drive) Application Build ID: 20140610001341 Enabled Plugins: about:plugins Build Configuration: about:buildconfig Crash Reports: about:crashes Memory Use: about:memory
Mail and News Accounts account1: INCOMING: account1, , (none) Local Folders, plain, passwordCleartext
account2: INCOMING: account2, , (pop3) mail.bellsouth.net:110, plain, passwordCleartext OUTGOING: mail.bellsouth.net:25, plain, passwordCleartext, true
account3: INCOMING: account3, , (pop3) mail.bellsouth.net:110, plain, passwordCleartext OUTGOING: mail.bellsouth.net:25, plain, passwordCleartext, true
account4: INCOMING: account4, , (pop3) pop.mindspring.com:110, plain, passwordCleartext OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
account5: INCOMING: account5, , (pop3) pop.mindspring.com:110, plain, passwordCleartext OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
account6: INCOMING: account6, , (pop3) pop.mindspring.com:110, plain, passwordCleartext OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
account7: INCOMING: account7, , (pop3) pop.mindspring.com:110, plain, passwordCleartext OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
account8: INCOMING: account8, , (pop3) pop.mindspring.com:110, plain, passwordCleartext OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
account9: INCOMING: account9, , (pop3) mail.generalstandards.com:110, plain, passwordCleartext OUTGOING: mail.generalstandards.com:25, plain, passwordCleartext, true
account10: INCOMING: account10, , (pop3) pop.mindspring.com:110, plain, passwordCleartext OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
account11: INCOMING: account11, , (pop3) pop.mindspring.com:110, plain, passwordCleartext OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
account16: INCOMING: account16, , (pop3) pop.mindspring.com:110, plain, passwordCleartext OUTGOING: smtpauth.earthlink.net:587, alwaysSTARTTLS, passwordEncrypted, true
Extensions
Important Modified Preferences
Name: Value
accessibility.typeaheadfind.flashBar: 0 browser.cache.disk.capacity: 358400 browser.cache.disk.smart_size.first_run: false browser.cache.disk.smart_size.use_old_max: false browser.cache.disk.smart_size_cached_value: 358400 extensions.lastAppVersion: 24.6.0 JavaScript
Incremental GC: 1
Accessibility
Activated: 0 Prevent Accessibility: 0
Library Versions
Expected minimum version Version in use
NSPR 4.10.2 4.10.2
NSS 3.15.4 Basic ECC 3.15.4 Basic ECC
NSS Util 3.15.4 3.15.4
NSS SSL 3.15.4 Basic ECC 3.15.4 Basic ECC
NSS S/MIME 3.15.4 Basic ECC 3.15.4 Basic ECC
Thanks...
Vahaolana Nofidina
Ok, so the combination of "plain" with "passwordCleartext" is the part where settings are insecure (basically, your username and password are sent in clear text across the wire, thus anybody eavesdropping on the line could read it and log in as you, reading your messages, and sending messages in your name).
From your list, it seems that at least the bellsouth.com account is maintained by AT&T, but you can start with the account for which you received that warning. Click on the [≡] toolbar button, then "Options>" on the arrow part to open the submenu, then "Account Settings". You should see an entry in bold for each of your accounts with a couple of pages underneath, and an "Outgoing Server (SMTP)" item at the very end.
For the account you need to change, go into the "Server Settings" tab. According to the KB article, the "Server Name" should be inbound.att.net and the "User Name" your full @bellsouth.com address. Underneath there is a group "Security Settings" where you change "None" to "SSL/TLS"; this should also switch "Port" (two rows above this setting) from "110" to "995" which is what you want.
Next, open the "Outgoing Server (SMTP)" tab and highlight the server which seems to be associated with your bellsouth.com/AT&T account. Same procedure here, "Server Name" should be outbound.att.net and "Connection Security" set to "SSL/TLS"; if "Port" doesn't switch from 25 to 465 automatically, make that change manually. Again, the "User Name" field should have your full @bellsouth.com address.
Hope this works as advertised.
This seems to have worked, in that the two accounts that I updated per your outline still operate normally in both directions, but now have SSL/TLS security.
Many thanks to you and to all who responded to my inquiry!
You are welcome!