Security certificates in Thunderbird


momist
18/04/2007, 18:20
My email client Thunderbird keeps complaining with a dialog box at every mail transfer attempt, as follows:

Security Error: Domain Name Mismatch
You have attempted to establish a connection with
"mail.stewarts.adsl24.co.uk". However, the security certificate
presented belongs to "pluto.adsl24.co.uk".

If I then click the 'OK' button, the transfer goes ahead without a problem.

My wife's PC is set up in an identical manner, and doesn't have this problem. I've checked every security setting in Thunderbird, and can't find what is different. That's looking in:
Tools : Account Settings : Security
Tools : Options : Privacy : Security

Anyone have any ideas?

Ian

Paul_ADSL24
18/04/2007, 18:27
Tools | Accounts. Scroll to the very bottom of the list and click on Outgoing Server (SMTP). Choose the ADSL24 server in the panel on the right and click on Edit. Under the section "Use secure connection" choose the relevant option.

momist
18/04/2007, 18:35
Tools | Accounts. Scroll to the very bottom of the list and click on Outgoing Server (SMTP). Choose the ADSL24 server in the panel on the right and click on Edit. Under the section "Use secure connection" choose the relevant option.

Set to "Use TLS if available", but so is my wife's, and she doesn't have the problem I have. :confused:

Paul_ADSL24
18/04/2007, 18:39
In that case I would guess that your wife selected the option to "Accept this certificate permanently" and you haven't so you are asked once each session.

momist
18/04/2007, 18:46
In that case I would guess that your wife selected the option to "Accept this certificate permanently" and you haven't so you are asked once each session.

Ahh, that sounds quite likely. I can't find that setting anywhere, perhaps it's only presented at the time the SMTP server is set up? If so, I'll have to delete the server and re-enter it.

momist
18/04/2007, 18:57
No, that didn't make any difference. I was not asked at any time to accept a certificate, and I still get the same dialog. I suppose I should now try to delete the certificate and see if I'm then asked to accept it again.

momist
18/04/2007, 19:00
Still no change. The certificate I could find for pluto, and deleted, only referred to web sites.

Paul_ADSL24
18/04/2007, 19:00
Yes, deleting the server makes no difference, as when it is re-added the certificate it presents is the same. If your wife did indeed add it permanently it will be in one of the lists at

Tools | Options | Privacy | Security | View Certificates

Paul_ADSL24
18/04/2007, 19:11
If you're certain that every setting in the SMTP properties dialog box is identical on both machines then the only other thing I can think of is that your wife's machine isn't using the ADSL24 SMTP server when sending but a different one.

So the question is: are there any other outgoing servers set up on your wife's machine? If so then go to the properties of the ADSL24 account on your wife's machine and check which SMTP server it is using.

James
18/04/2007, 20:13
Also, simply turn off the SSL or Secure SMTP/POP setting as the mail server does not require it by default...

jperry
07/05/2007, 08:44
I'm having the same problem as the OP. Turning off security doesn't seem a very good option to me.
I think there are two distinct problems.
Firstly, Thunderbird can't verify if pluto.adsl24.co.uk is a trusted site. Looking at the certificate itself, most of the fields are marked 'Unknown'. Is the certificate completed properly?

Secondly, even after accepting the certificate permanently, Thunderbird doesn't like the fact that the domain name on the certificate is different to the domain entered in account settings (i.e. pluto.adsl24.co.uk =/= mail.yourdomain.adsl24.co.uk). The only solution to that seems to be to disable security in Thunderbird.

I'd appreciate another solution though.

James
07/05/2007, 09:02
What happens if you put "pluto.adsl24.co.uk" as your mail server just as a test.

James

jperry
07/05/2007, 09:25
Ok, I turned TLS back on, deleted the certificate from the cache, then changed server from mydomain to pluto.adsl24.co.uk. Thunderbird still has a problem verifying whether the certificate is trustworthy, but after accepting it permanently, there was no issue with the domain name.

Can I keep it on pluto.adsl24.co.uk or will that cause problems with your server?

James
07/05/2007, 09:35
You may keep it on that until we come up with a permanent fix no problem

Paul_ADSL24
07/05/2007, 11:41
Firstly, Thunderbird can't verify if pluto.adsl24.co.uk is a trusted site. Looking at the certificate itself, most of the fields are marked 'Unknown'. Is the certificate completed properly?


This is because it's a self-signed certificate rather than one issued by one of the trusted root CAs such as Thawte. The certificate is fine and is valid, but because it wasn't issued by one of the people in the list of certificate issuers, Thunderbird alerts you to this and asks what you want to do.


Secondly, even after accepting the certificate permanently, Thunderbird doesn't like the fact that the domain name on the certificate is different to the domain entered in account settings (i.e. pluto.adsl24.co.uk =/= mail.yourdomain.adsl24.co.uk). The only solution to that seems to be to disable security in Thunderbird.


The temporary solution is to use TLS, accept the certificate permanently and click Ok on the warning once per session.
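
[Added example, not part of the original thread or any ADSL24 code: a minimal offline sketch of the hostname check behind the "Domain Name Mismatch" dialog, showing why accepting the certificate permanently settles the trust question but not the name question. The certificate dicts are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the wildcard certificate and all function names are hypothetical.]

```python
def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate name against the hostname the client was configured with."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # wildcard only as the whole left-most label, with a real domain after it
        return len(p) > 2 and p[1:] == h[1:]
    return "*" not in pattern and p == h


def cert_names(cert: dict) -> list:
    """Names a certificate is valid for: DNS SANs, else the subject CN (older-client fallback)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def check(cert: dict, configured_host: str):
    """Return (matches, names_on_cert) for the server name typed into the mail client."""
    names = cert_names(cert)
    return any(dns_name_matches(n, configured_host) for n in names), names


# Constructed sample: a certificate naming only pluto.adsl24.co.uk, as the dialog reports.
PLUTO_CERT = {"subject": ((("commonName", "pluto.adsl24.co.uk"),),)}

# Hypothetical alternative: a single-level wildcard certificate.
WILDCARD_CERT = {
    "subject": ((("commonName", "adsl24.co.uk"),),),
    "subjectAltName": (("DNS", "*.adsl24.co.uk"),),
}

if __name__ == "__main__":
    for label, cert in (("pluto cert", PLUTO_CERT), ("wildcard cert", WILDCARD_CERT)):
        for host in ("pluto.adsl24.co.uk", "mail.stewarts.adsl24.co.uk"):
            ok, names = check(cert, host)
            print(f"{label:13} {host:28} {'match' if ok else 'MISMATCH'} (cert names: {names})")
```

The per-customer name sits two labels below adsl24.co.uk, so even the hypothetical wildcard certificate would not cover it; the client has to connect using a name that actually appears on the certificate.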

James
07/05/2007, 11:43
The pluto.adsl24.co.uk is a proper SSL certificate though, valid until 2010. It's not a self-signed one. There is a small misconfiguration issue with that SSL cert which will be fixed asap.

James

Paul_ADSL24
07/05/2007, 11:46
Fair enough. That's not the certificate currently being presented though.

At least I don't think it is when a user has user.adsl24.co.uk as the SMTP name

tboorman
07/05/2007, 12:10
This issue has existed for several months - see http://www.adsl24.co.uk/forum/showthread.php?t=243. It would be nice if it could be fixed once and for all.

James
07/05/2007, 16:58
It will be - we've had a lot to do but this is on our list.

James

tboorman
28/06/2007, 10:42
Has this been fixed yet James?

James
28/06/2007, 11:17
Very good point. I'll get this sorted asap.

Bear in mind because the certificate is only for pluto.adsl24.co.uk you would need to have your incoming/outgoing mail server set to this.

James

milvus-milvus
03/07/2007, 23:15
Just to add that I've hit this issue too.
Glad to see that a permanent solution is under discussion! :cool:

Baz.

Saercoed
02/08/2008, 13:26
Is it just me or is this still unfixed? I get this every time I send email and I can't find any way to permanently accept the certificate.