sslhappy-ca | dovecot-clientcert | thunderbird | apache-clientcert | firefox
root From contains root@ --> CRON bcc To or Cc doesn't contain YOUR@EMAIL To or Cc doesn't contain YOUR-OTHER@EMAIL --> BCC
otherwise first bcc with exclusion on crontabs, then crontabs
bcc To or Cc doesn't contain YOUR@EMAIL From doesn't contain root@ cron From contains root@
use an empty /etc/ssl/certs/ca-certificates.crt
instead of mozilla’s built-in store.
apt install p11-kit p11-kit-modules updatedb locate libnssckbi.so locate p11-kit-trust.so mv /usr/lib/thunderbird/libnssckbi.so /usr/lib/thunderbird/libnssckbi.so.dist cp /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/thunderbird/libnssckbi.so mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.dist touch /etc/ssl/certs/ca-certificates.crt
you will still see some Authorities for some reason mentioned but the list got reduced and maybe not even used
Preferences -> Advanced // Certificates
if you really want to be sure, use a valid LE cert and you will see you get prompted to accept it anyways. I am sorry that’s the best we’ve got so far.
this does not work hence we went for the P11-KIT solution above
the trust store is an NSS Shared DB
apt install libnss3-tools cd ~/.thunderbird/ find . | grep .db$ cd ./PROFILE.default-release/ cat cert_override.txt cat pkcs11.txt cp cert9.db cert9.db.dist cp key4.db key4.db.dist # cert9 & key4 certutil -A -n "Nethence Root CA" -t "TC,TC,TC" -i /etc/ssl/ca.crt -d sql:`pwd` #-t "TC,C,C" #-t "TC,TC,TC" #-t "TC,C,T" #-t "TC,Cw,Tw" # cert8 #-d dbm: ls -lF cert* ls -lF key*
not much success with this command
modutil -list modutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
How to Stop Thunderbird Showing ‘Me’ or ‘You’ instead of Your Own Email Address https://www.kuxas.com/148/how-to-stop-thunderbird-showing-me-or-you-instead-of-your-own-email-address
Client issues and configuration https://wiki2.dovecot.org/Clients
IMAP Folders' names with “/” problems for different platforms https://bugzilla.mozilla.org/show_bug.cgi?id=29926
dovecot-postfix imap configuration for thunderbird https://lists.ubuntu.com/archives/ubuntu-users/2013-January/266533.html
Thunderbird should use \Flagged IMAP flag to indicate “Important” https://bugzilla.mozilla.org/show_bug.cgi?id=335293
https://p11-glue.github.io/p11-glue/trust-module.html https://p11-glue.github.io/p11-glue/sharing-trust-policy.html https://p11-glue.github.io/p11-glue/doc/storing-trust-policy/
Firefox trust system trusted certificates https://bgstack15.wordpress.com/2018/10/04/firefox-trust-system-trusted-certificates/ https://www.techrepublic.com/article/how-to-add-a-trusted-certificate-authority-certificate-to-chrome-and-firefox/ https://askubuntu.com/questions/244582/add-certificate-authorities-system-wide-on-firefox/1036637#1036637 https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox
CA/AddRootToFirefox https://wiki.mozilla.org/CA/AddRootToFirefox
Setting Up Certificate Authorities (CAs) in Firefox https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox
NSS-Crypto.org https://nss-crypto.org/
Network Security Services https://en.wikipedia.org/wiki/Network_Security_Services
NSS Tools: How to configure Thunderbird profile to use a specific signing/encryption certificate? http://mozilla.6506.n7.nabble.com/NSS-Tools-How-to-configure-Thunderbird-profile-to-use-a-specific-signing-encryption-certificate-td342199.html
NSS tools : modutil https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_tools_:_modutil
https://wiki.mozilla.org/NSS_Shared_DB
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil
https://gist.github.com/ThomasLeister/f55fa9c2e85b506ce00ed91f059f0138
Add certificate authorities system-wide on Firefox https://askubuntu.com/questions/244582/add-certificate-authorities-system-wide-on-firefox
https://me.micahrl.com/blog/mozilla-ssl-nss/ https://stackoverflow.com/questions/1435000/programmatically-install-certificate-into-mozilla http://web.archive.org/web/20150622023251/http://www.computer42.org:80/xwiki-static/exported/DevNotes/xwiki.DevNotes.Firefox.html
http://bahut.alma.ch/2011/07/importing-root-certificates-into.html https://blogs.oracle.com/meena/about-trust-flags-of-certificates-in-nss-database-that-can-be-modified-by-certutil
https://github.com/nyov/python-ffpassdecrypt/blob/master/firefox_passwd.py
https://github.com/glondu/nss-passwords