Originally Posted by lucidoobe
Well, I can state definitely that STARTTLS was working on TPG IMAP server before the false email with all their headings nullified it after I tried forwarding to them. Then one by one, all PCs on the home LAN failed STARTTLS, like it followed across from the NAS. I have workable email however, but there's a big question mark as to what happened?
I don't understand what the NAS has to do with anything. Is your Thunderbird profile stored on the NAS, and all PCs on your network are using the same profile location? If that's the case, then it makes sense that any changes you make to the profile will reflect across all Thunderbird installations that use the same profile location. If that is not the case, and each PC has its own local profile in use by Thunderbird, then the one change that affects all PCs in this context is the version of Thunderbird (nightly build), which brings me to the question I've been meaning to ask. Why are you running the daily/nightly build of Thunderbird instead of the release build? What do you hope to achieve by using this build and do you understand the implications of using the nightly build? If you're not beta-testing Thunderbird, then running a nightly build may not be the best decision because you don't seem prepared to handle unexpected changes in how Thunderbird works as it gets updated daily/nightly.
Like I said before, Thunderbird must have changed how it implements STARTTLS. By the way, STARTTLS is NOT an encryption protocol like you seem to think. It is simply a COMMAND that is used to upgrade a connection from a plain-text insecure one to an encrypted secure one IF SUPPORTED by the target (ISP) server.
When you set Thunderbird's security option to STARTTLS, you are not telling it to specifically use a secure connection, you're simply telling it to issue the STARTTLS command to the target server, which basically asks the server whether it supports a secure connection, and which encryption protocol it supports (SSL, TLS or none).
If the server responds positively, saying it supports a secure connection, then the client goes ahead to upgrade the connection to a secure one, using the protocol that the server says it supports.
If the server responds negatively, saying it doesn't support a secure connection, then the client will either stop further insecure communication with the server or will just continue using the insecure connection to communicate with the server. This behaviour will differ from one client to another, and between different versions of the client.
How the client implements STARTTLS is beyond your control. Maybe Thunderbird is taking security a notch higher by stopping further insecure communication when the target server responds negatively to the STARTTLS command, hence why the STARTTLS setting is not working for you anymore. Also, remember that even though the STARTTLS setting worked before, it doesn't mean that Thunderbird was using a secure connection. Like I said, STARTTLS is not an encryption protocol itself. It's just a command that is issued by the client to the server. Since your ISP evidently doesn't yet support secure communications, then Thunderbird has all along been using an insecure connection to talk to your ISP's server. There's nothing you can do to force the ISP server to use a secure connection IF it DOESN'T support it. Read more about STARTTLS here https://www.limilabs.com/blog/ssl-vs...-starttls-stls to better understand what it is.
Your screenshots show you have multiple outgoing servers configured, and the default one is using port 465 instead of 25. TPG says the port to use is 25. Where did you get the 465 from? Is there another source of information with the secure settings for TPG email that we're not aware of? Stick to what is officially supported by your ISP, or migrate to a more secure email provider. I find it preposterous that a whole ISP does not support secure communications, unless it's a premium feature that you need to pay extra for. Please ask TPG, they are better placed to clarify this because all we have is what is publicly and officially available on their website. Insecure settings are working, and it's what TPG says to use. This is NOT a Thunderbird issue, nor the NAS' nor malware. If you're in doubt, run a full scan of the NAS.
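
The client-side choice described in this post (stop, or carry on unencrypted, when the server does not accept STARTTLS), as an added example that is not part of the original post and is not Thunderbird's code. The server lines are constructed samples in IMAP response syntax, and the function names, the `a1` command tag and the `require_tls` switch are assumptions made for illustration.

```python
"""Added example: what an IMAP client can do after asking for STARTTLS.
All server lines are constructed samples, not captured from a real server."""

def parse_capabilities(line):
    """Return the capability atoms from an untagged '* CAPABILITY ...' line."""
    parts = line.strip().split()
    if len(parts) < 2 or parts[0] != "*" or parts[1].upper() != "CAPABILITY":
        raise ValueError("not a CAPABILITY response")
    return {p.upper() for p in parts[2:]}

def tagged_status(line, tag):
    """Return OK/NO/BAD from the tagged reply to our STARTTLS command."""
    parts = line.strip().split(maxsplit=2)
    if len(parts) < 2 or parts[0] != tag:
        raise ValueError("reply does not match our command tag")
    return parts[1].upper()

def starttls_decision(capability_line, starttls_reply, tag="a1", require_tls=True):
    """Return 'upgrade', 'abort' or 'plaintext'.

    require_tls=True  models a client that stops when no upgrade is possible.
    require_tls=False models a client that carries on unencrypted.
    """
    offered = "STARTTLS" in parse_capabilities(capability_line)
    accepted = (offered and starttls_reply is not None
                and tagged_status(starttls_reply, tag) == "OK")
    if accepted:
        return "upgrade"  # the TLS handshake follows on the same connection
    return "abort" if require_tls else "plaintext"

# Constructed sample responses (hypothetical servers)
SECURE_CAPS = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"
PLAIN_CAPS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"

if __name__ == "__main__":
    cases = [(SECURE_CAPS, "a1 OK Begin TLS negotiation now"),
             (SECURE_CAPS, "a1 BAD command unknown"),
             (PLAIN_CAPS, None)]
    for caps, reply in cases:
        for strict in (True, False):
            outcome = starttls_decision(caps, reply, require_tls=strict)
            print(f"{caps!r} / {reply!r} / require_tls={strict} -> {outcome}")
```

With `require_tls=False`, the last two cases end in a plaintext session, which is the situation where a STARTTLS setting appears to work while nothing is encrypted.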