
Posts about thunderbird

Lookout Fix Version - v 1.3.00 Released

Unfortunately, Microsoft email servers still, to this day, send emails out in the proprietary TNEF format (we see this as a plain-text email with a winmail.dat attachment). The Lookout (fix version) add-on decodes this attachment so you can open the attached files.

I've just published V1.3.00 of the Thunderbird plugin Lookout (fix version). I have done a fair amount of work on quality-of-life changes to make it a bit more user-friendly.

Have a look at my previous post on how I took up the maintenance of this very useful plugin if you want to know more about the history of the project.

New in version 1.3.00

  • Attachment drag and drop support
  • Optionally remove winmail.dat file when finished processing. This is in options and defaults to true
  • Fix attachment pane opening and closing, respects inbuilt Thunderbird preferences
  • Ignore blank VCF files to minimize clutter
  • Highlight event invitations - to be expanded to full Lightning integration

Note: There are future plans to replace the plain text with the attached HTML file (body_part_0.html) that newer Exchange servers include in the winmail.dat file.


LookOut fix version

In August 2018 I took over maintenance of the Thunderbird addon Lookout-fix-version. I soon set up the GitHub organization TB-throwback so that future development can be expanded and transferred more easily if I stop work on it.

It's been an interesting experience managing a small project that's over 11 years old, especially with all the changes and rapid development Thunderbird has been experiencing now that it's separated from Mozilla.

Why did I take over?

I needed to move my office away from Outlook 2010. I had no budget to upgrade the office software, but I couldn't allow the company to keep limping along with a 9-year-old product.

Thunderbird to the rescue! Except...

TNEF files, supposedly a thing of the past. Even Microsoft recommends that you NOT send such files. But we have to work with people who don't upgrade and pay the lowest bidder to configure their Exchange servers.

Unfortunately, the original Lookout was at this point unmaintained and severely out of date. Similarly, Lookout+ and Lookout-fix-version hadn't seen any updates in a long time. Luckily, Oleksandr was still contactable via the support email and was happy to add me as a developer on the ATN page.

My first change was a simple modification to the preferences CSS to fix changes in Thunderbird 59. I've since been working on adding debugging, improving performance, squashing bugs and generally attempting to learn how everything is strung together.

Original TNEF file with extracted attachments

I plan on porting the addon to a webextension in the coming months to ensure we have this useful addon for many years to come.


Are Email Clients Insecure?

@bryanleeward asked on the thunderbird discourse:

PLEASE HELP… this affects many Thunderbird & gmail users:

Every few months I get “Security” alerts from Google re my gmail Security Settings, saying: “Turn off less secure access.” IF I do that, then I can’t boot Thunderbird! I’ve had same problem with Thunderbird-gmail using Debian, Trisquel, and Ubuntu.

Yet ironically, when I receive these Google alerts, Thunderbird also gives me a warning - “To protect your privacy, Thunderbird has blocked remote content in this message.”

IE to get Thunderbird and gmail to work together, I have to disregard BOTH your security alerts! WHY?.. but more importantly:

  1. Is there a way to keep max Google Security Settings AND still use Thunderbird?
  2. Is Thunderbird really less secure, even with other email systems?

Thanks for any help, Bryan

Google considers all 3rd-party access to email (i.e. Thunderbird, Outlook, etc.) to be less secure than the web interface. This is both correct and incorrect depending on your situation. Google’s max security disables 3rd-party access to your emails, which allows them to block bad IPs, use two-factor auth and use browser fingerprinting to detect illegitimate access.

Thunderbird is not insecure at all. Google just wants the majority of users to go through a more limited access method.

I don’t ever see such emails because I enabled two factor auth and use an app password with a limited scope to the Mail app. Consider going this route if it concerns you.

Thunderbird blocks remote content, i.e. it stops images and other files from being loaded from the internet when viewing an email. As email is mostly HTML, automatically loading images from the web is not a great idea security-wise. Initially this will be a pain point, but you eventually build up a white-list of legitimate remote content, nice and secure.

I recommend allowing by domain name rather than by sender address, as that’s harder to spoof than an email address.
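The difference between the two allow-list styles, as an added example that is not part of the original post and not Thunderbird's own code: a Python sketch that lists the remote resources an HTML message would fetch and decides each one against an allow-list of origins versus an allow-list of sender addresses. The message, addresses, host names and the `remote_content_decisions` helper are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every address and host name is made up.
RAW_MESSAGE = """\
From: Accounts <alerts@bank.example>
Subject: Statement ready
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://static.bank.example/logo.png">
<img src="https://pixel.tracker.example/open.gif?id=123" width="1" height="1">
<link rel="stylesheet" href="http://cdn.other.example/mail.css">
<img src="cid:inline-logo">
</body></html>
"""

class RemoteRefs(HTMLParser):
    """Collect http(s) URLs from attributes a renderer fetches automatically."""
    AUTO_LOAD = {("img", "src"), ("link", "href"), ("iframe", "src"),
                 ("video", "poster"), ("body", "background")}
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            remote = value and urlsplit(value).scheme in ("http", "https")
            if (tag, name) in self.AUTO_LOAD and remote:
                self.urls.append(value)

def remote_content_decisions(raw, allowed_origins=(), allowed_senders=()):
    """Hypothetical helper: map each remote URL to True (load) or False (block)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    finder = RemoteRefs()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            finder.feed(part.get_payload(decode=True).decode(charset, "replace"))
    sender_ok = sender in allowed_senders  # trusts a header the sender wrote
    decisions = {}
    for url in finder.urls:
        p = urlsplit(url)
        decisions[url] = sender_ok or f"{p.scheme}://{p.hostname}" in allowed_origins
    return decisions
```

With only `https://static.bank.example` in `allowed_origins`, the logo loads and the other two resources stay blocked; allowing the sender address instead lets every remote resource in the message load, whoever hosts it.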