Setting up Thunderbird

sslhappy-ca | dovecot-clientcert | thunderbird | apache-clientcert | firefox

Preferences

/// –> Preferebces –> Menu bar
general/ disable start page
display/ emoticons

Account ettings

signature
every 5 minutes
expunge
no html

Message filters

root
From contains root@
--> CRON

bcc
To or Cc doesn't contain YOUR@EMAIL
To or Cc doesn't contain YOUR-OTHER@EMAIL
--> BCC

otherwise first bcc with exclusion on crontabs, then crontabs

bcc
To or Cc doesn't contain YOUR@EMAIL
From doesn't contain root@

cron
From contains root@

P11-KIT

use an empty /etc/ssl/certs/ca-certificates.crt instead of mozilla’s built-in store.

apt install p11-kit p11-kit-modules

updatedb
locate libnssckbi.so
locate p11-kit-trust.so

mv /usr/lib/thunderbird/libnssckbi.so /usr/lib/thunderbird/libnssckbi.so.dist
cp /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/thunderbird/libnssckbi.so

mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.dist
touch /etc/ssl/certs/ca-certificates.crt

you will still see some Authorities for some reason mentioned but the list got reduced and maybe not even used

Preferences -> Advanced // Certificates

if you really want to be sure, use a valid LE cert and you will see you get prompted to accept it anyways. I am sorry that’s the best we’ve got so far.

TODO

find out about those remaining Authorities, why are those still there? WTF!

(UNUSED) Import your ORG’s Root CA

this does not work hence we went for the P11-KIT solution above

the trust store is an NSS Shared DB

apt install libnss3-tools

cd ~/.thunderbird/
find . | grep .db$
cd ./PROFILE.default-release/

cat cert_override.txt
cat pkcs11.txt

cp cert9.db cert9.db.dist
cp key4.db key4.db.dist

# cert9 & key4
certutil -A -n "Nethence Root CA" -t "TC,TC,TC" -i /etc/ssl/ca.crt -d sql:`pwd`
#-t "TC,C,C"
#-t "TC,TC,TC"
#-t "TC,C,T"
#-t "TC,Cw,Tw"

# cert8
#-d dbm:

ls -lF cert*
ls -lF key*

Troubles

not much success with this command

modutil -list

modutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.

Resources

How to Stop Thunderbird Showing ‘Me’ or ‘You’ instead of Your Own Email Address https://www.kuxas.com/148/how-to-stop-thunderbird-showing-me-or-you-instead-of-your-own-email-address

Client issues and configuration https://wiki2.dovecot.org/Clients

IMAP Folders' names with “/” problems for different platforms https://bugzilla.mozilla.org/show_bug.cgi?id=29926

dovecot-postfix imap configuration for thunderbird https://lists.ubuntu.com/archives/ubuntu-users/2013-January/266533.html

Thunderbird should use \Flagged IMAP flag to indicate “Important” https://bugzilla.mozilla.org/show_bug.cgi?id=335293

Setting up Thunderbird

Preferences

Account ettings

Message filters

P11-KIT

TODO

(UNUSED) Import your ORG’s Root CA

Troubles

Resources

p11-kit trust store

nss engine

nss trust store (default)

forensics