Posts about thunderbird

New maintainers needed for the Thunderbird Lookout Fix-version add-on

Lookout!

In august 2018 I took over maintenance of the Thunderbird addon Lookout-fix-version. I soon set up a the Github Organization TB-throwback so that future development can be expanded and transferred easier if I stop work on it.

LookOut Fix-Version is a plugin which allows Thunderbird to interface with Microsoft’s mail tools by decoding metadata and attachments encapsulated/embedded in a TNEF (Transport Neutral Encapsulation Format) encoded attachment (aka winmail.dat).

Transport Neutral Encapsulation Format or TNEF is a proprietary email attachment format used by Microsoft Outlook and Microsoft Exchange Server. An attached file with TNEF encoding is most often named winmail.dat or win.dat, and has a MIME type of Application/MS-TNEF. The official (IANA) media type, however, is application/vnd.ms-tnef. Source: https://en.wikipedia.org/wiki/Transport_Neutral_Encapsulation_Format

Unfortunately I had to stop working on Lookout a while ago because my employer switched us back to Outlook leaving me with no company time to maintain the project any more. The last major release of Thunderbird I received a lot of help from the TB team's John Bieling to bootstrap a workaround to get things rolling again, now Thunderbird 91 is coming and it's another case of the old xul add-ons not working in the webextension world.

After receiving no takers to my maintainer request over on the mailing list I have decided if I am unable to locate new maintainers I will archive the project on Github. I hope the Thunderbird devs finally assign Bug 77811 to someone as I know that proper integration for decoding TNEF emails was added to the roadmap, however in the meantime you are interested in updating the project please let me know as I'll actively be monitoring the Github project and the issue calling for new maintainers


Need new Lookout Maintainer

I'm currently seeking a new maintainer for the Lookout (fix version) add-on for Thunderbird.

It looks like I won't be supporting Thunderbird for much longer and instead will be stuck supporting Outlook again. This means my development time will be severely limited and with the recent move to drop legacy add-on support I'm afraid I won't be able to keep up.

If you are interested in development let me know either in the comments below, through the email [email protected] or ideally opening a pull request with code changes to the github repository


Lookout Fix Version - v2.0.00b1 Call for Testers

Lookout!Unfortunately Microsoft Email servers still to this day send emails out in the proprietary TNEF format (We see this as a plain text email with a winmail.dat attachment). The Lookout (fix version) add-on decodes this attachment so you may open the attached files.

I've just published the V2.0.00 for the Thunderbird plugin Lookout (fix Version). This is an update for the coming versions of Thunderbird that significantly change how addons are implemented.

There are some known visual glitches and the debugging logs currently do not work, however attachments should de-code and save as expected. I would appreciate any testers to give it a shot.


Lookout Fix Version - v 1.3.00 Released

Lookout!Unfortunately Microsoft Email servers still to this day send emails out in the proprietary TNEF format (We see this as a plain text email with a winmail.dat attachment). The Lookout (fix version) add-on decodes this attachment so you may open the attached files.

I've just published the V1.3.00 for the Thunderbird plugin Lookout (fix Version). I have done a fair amount of work on quality of life changes to make it a bit more user friendly.

Have a look at my previous post on how I took up the maintenance of this very useful plugin if you want to know more about the history of the project.

New in version 1.3.00

  • Attachment drag and drop support
  • Optionally remove winmail.dat file when finished processing. This is in options and defaults to true
  • Fix attachment pane opening and closing, respects inbuilt Thunderbird preferences
  • Ignore blank VCF files to minimize clutter
  • Highlight event invitations - To be expanded to full lightning integration

Note: There are future plans to replace the plain text with the attached HTML file (body_part_0.html) that newer exchange servers include in the winmail.dat file.


Lookout-fix-version v1.2.25

Lookout! I have just published the latest release for the Thunderbird plugin Lookout-fix-version.

This is a bug fix issue

Fixes are for the ics parsing

Added quick decompose_rfc822_address sanity check

Occasionally a phrase without any email addresses is used in the attendee fields and this can cause the complex regex in the decompose_rfc822_address function to freeze. As I couldn't come up with a sensible alternative (primarily due to lack of windat samples) I added a simple sanity check prior to the regex.

Added special character skip for ICS attendee data

Occasionally a special non printing character will be decoded, x20 to x7E, causing the ics file to become unreadable. Lookout now ignores these invalid fields.

Added zero( 0 ) UID check

Sometimes the UID will be decoded as 0 rather than null, if this happens lookout will now attempt one of the other UID methods as intended.

You can download this update from the Github Release page or the Thunderbird addon page


LookOut fix version

Lookout!

In august 2018 I took over maintenance of the Thunderbird addon [Lookout-fix-version][e7c45433]. I soon set up a the Github Organization TB-throwback so that future development can be expanded and transferred easier if I stop work on it.

It's been an interesting experience managing a small project that's over 11 years old. Especially with all the changes and rapid development Thunderbird has been going experiencing now it's separated from Mozilla.

Why did I take over?

I needed to move my office away from Outlook 2010. I had no budget to upgrade the office software, but I couldn't allow the company to keep limping along with a 9 year old product.

Thunderbird to the rescue! Except...

TNEF files, supposedly a thing of the past. Even Microsoft recommends you NOT to send such files. But we have to work with people who don't upgrade and pay the lowest bidder to configure their exchange servers.

Unfortunately the original Lookout was at this point unmaintained and severly out of date similarly Lookout+ and Lookout-fix-version hadn't seen any updates in a long time. luckily Oleksandr was still contactable via the support email and was happy to add me as a developer on the ATN page.

My first change was a simple modification to the preferences css to fix changes in Thunderbird 59. I've since been working on adding debugging, improving performance, squashing bugs and generally attempting to learn how everything is strung together.

Original TNEF file with extracted attachments

I plan on porting the addon to a webextension in the coming months to ensure we have this useful addon for many years to come.


Are Email Clients Insecure?

@bryanleeward asked on the thunderbird discourse:

PLEASE HELP… this effects many Thunderbird & gmail users:

Every few months I get “Security” alerts from Google re my gmail Security Settings, saying: “Turn off less secure access.” IF I do that, then I can’t boot Thunderbird! I’ve had same problem with Thunderbird-gmail using Debian, Trisquel, and Ubuntu.

Yet ironically, when I receive these Google alerts, Thunderbird gives also gives me a warning - “To protect your privacy, Thunderbird has blocked remote content in this message.”

IE to get Thunderbird and gmail to work together, I have to disregard BOTH your security alerts! WHY?.. but more importantly:

  1. Is there a way to keep max Google Security Settings AND still use Thunderbird?
  2. Is Thunderbird really less secure, even with other email systems?

Thanks for any help, Bryan

Google considers all 3rd party access to email i.e. Thunderbird, Outlook ect to be Less secure than the web interface. This is both correct and incorrect depending on your situation. Google’s max security disables 3rd party access to your emails, this allows them to: block bad IP’s, use two factor auth and use browser fingerprinting to detect illegitimate access.

Thunderbird is not insecure at all. Google just want’s the majority of users to go through a more limited access method.

I don’t ever see such emails because I enabled two factor auth and use an app password with a limited scope to the Mail app. Consider going this route if it concerns you.

Thunderbird blocks remote content. I.e. it stops images and other files from being loaded from the internet when viewing an email. As email is mostly html automatically loading images from the web is not a great idea security wise. Initially this will be a pain point but you eventually build up a white-list of legitimate remote content, nice and secure.

I recommend using the allow from domain names rather than sender address as that’s harder to spoof than an email address: