torbirdy replacement

/etc/thunderbird/pref/40_thunderbird.js already includes:

// Disable Autocrypt by default for new accounts (#16222).
// This does not change anything for accounts that were created before.
pref("mail.server.default.enableAutocrypt", false);

Duplication inside config/chroot_local-includes/usr/local/bin/thunderbird · master · tails / tails · GitLab could be legacy from previous implementation / a bug? Or perhaps their function set_mozilla_pref allows users to not-enforce this setting? Either way. Seems done.

Tested updated anon-apps-config

Problems I saw:

  • Account wizard has IMAP pre-selected by default. Maybe this pref doesn’t take effect until the patched Thunderbird lands in Debian?
    I want to include the non-scripted pref version in pref.js meanwhile.
    Does the scripted pref translate to pref("extensions.torbirdy.defaultprotocol", 0); ?

  • Drafts are not saved locally when IMAP is used. thunderbird.cfg seems to be overridden, with the string value in about:config showing mail.identity.id1.draft_folder;imap://RemoteServer.com/Drafts and not mail.identity.id1.draft_folder;mailbox://nobody@Local%20Folders/Drafts

Turns out I have to reinstall Thunderbird from scratch on a fresh snapshot every time I want to play with config settings; otherwise they would not take effect, even after an apt-get purge.

I removed the settings that block Enigmail from working and this resolves the main blocker I ran into.

Now I have to troubleshoot the prefs that would make local drafts work.

Yes.
(For persistent Tails.)
(But we should always default to POP therefore this is good.)

Please do.

Possible. I don’t know how often that folder is parsed. Only first start vs every start. Perhaps even a setting influences this.

Fresh snapshot is a bit too much effort. Can be easier.
In abstract terms “Any previous state of Thunderbird must be deleted.”
“If it requires a fresh snapshot then you don’t know all the places yet where the application stores state.”
Exceptions [1] (which don’t apply here) aside, the only place where non-root applications can write data is the home folder. [2]
In practical terms: terminate thunderbird + delete thunderbird user data folder.

WARNING: deletes all Thunderbird user data

rm -r .thunderbird

In case you don’t know what the user data folder is… How would I know where XFCE stores any settings? I don’t. I am not an oracle either. Even if I’d know, I’d forget in a year from now.
abstract: “Make a snapshot of the home folder and compare before/after first start of application.”
practical: I recommend to Put home folder under Git Version Control.


[1] Exceptions would be suid and sudoers exceptions which there is no need for in case of browser / mail client user data.
[2] And /tmp and perhaps folders chown’ed to user during package installation but any sane design won’t persist settings from there
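The "snapshot the home folder and compare before/after first start" approach from the post above, as an added example that is not part of the original post. It uses checksum manifests instead of Git; the function names, the throwaway home folder and the simulated first start are constructed for illustration.

```shell
#!/bin/sh
# Added example: find where an application stores state by comparing two
# manifests of the home folder (before and after its first start).

# snapshot DIR: print one "sha256  ./path" line per regular file, sorted.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort )
}

# changed_paths BEFORE AFTER: print every path that was added, removed or
# modified between two manifests written by snapshot.
changed_paths() {
    tab=$(printf '\t')
    # comm -3 keeps lines unique to one manifest; strip its tab column
    # marker and the 64-character hash plus separator, leaving the path.
    LC_ALL=C comm -3 "$1" "$2" | sed "s/^$tab//" | cut -c67- | LC_ALL=C sort -u
}

# Constructed demo: a throwaway "home" and a simulated first start.
home=$(mktemp -d)
work=$(mktemp -d)
trap 'rm -rf "$home" "$work"' EXIT
printf 'alias ll="ls -l"\n' > "$home/.bashrc"
mkdir -p "$home/.config/xfce4"
printf 'panel=1\n' > "$home/.config/xfce4/panel.rc"
snapshot "$home" > "$work/before"

# Stand-in for starting the application once (paths are constructed).
mkdir -p "$home/.thunderbird/example.default"
printf 'user_pref("a", 1);\n' > "$home/.thunderbird/example.default/prefs.js"
printf 'panel=2\n' > "$home/.config/xfce4/panel.rc"
snapshot "$home" > "$work/after"

# Lists the modified panel.rc and the new prefs.js, not the untouched .bashrc.
changed_paths "$work/before" "$work/after"
```

Keep the manifests outside the folder being snapshotted, otherwise they show up as changes themselves.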

Now in Whonix testers repository.

Discovered that the thunderbird.cfg file had to be activated from pref.js. I tested it and local Drafts now work:

// Loading the lock file: http://kb.mozillazine.org/Lock_Prefs
pref("general.config.filename", "thunderbird.cfg");

Tails activates the lock prefs in /usr/share/thunderbird/defaults/pref/autoconfig.js vs prefs/thunderbird.js. Which one should we go with?

https://git-tails.immerda.ch/tails/tree/config/chroot_local-includes/usr/share/thunderbird/defaults/pref/autoconfig.js?id=0566449b05d05b3cc687b49e678da3c466a649e8

In this ticket about default POP, they say the default protocol patch never worked and they removed the code. Let me know if this is your interpretation. Probably I should rip it out because it is obsolete:

https://git-tails.immerda.ch/tails/diff/config/chroot_local-patches/thunderbird_default_to_IMAP.diff?id=0566449b05d05b3cc687b49e678da3c466a649e8

Also what port number for socks proxy should I assign TB? OK to leave the proxy IP at 127.0.0.1?


Commit of major rewrite of custom Tails Thunderbird code:

https://git-tails.immerda.ch/tails/commit/?id=0566449b05d05b3cc687b49e678da3c466a649e8

Since we already have /etc/thunderbird/pref/40_thunderbird.js, using the same file would make sense.

Or keep /etc/thunderbird/pref/40_thunderbird.js as is (original by Tails) and add /etc/thunderbird/pref/40_anon-apps-config-something.js. (replace something)

Other answer: whatever works.

9102

( usr/share/tor/tor-service-defaults-torrc.anondist · master · Whonix / anon-gw-anonymizer-config · GitLab )

Yes.

This is now in Whonix testers repository.

Done. We now have a functional and private Torbirdy successor TB.

This is now in Whonix testers repository.

Awesome! Great work!

Also in stable-proposed-updates Whonix repository for a few days now.

How can I download the thunderbird package with torbirdy from the Whonix repository?

This is available in all Whonix repositories.

Quote Whonix / Kicksecure 15.0.1.4.8 - for VirtualBox - Point Release!

Thunderbird protocol level leak prevention. Replacement for what previously was done by torbirdy. See torbirdy deprecated - replacement required. Ported from Tails to anon-apps-config. Credits: Thanks to Tails for the torbirdy replacement. Thanks @HulaHoop for the port to anon-apps-config.

I at first posted this into the support section - but I don’t need support for this and as the wiki points for reports to the forum in general and I’m not sure about usual practice, I decided to repost it here, as it seems related.

The standard Thunderbird network configuration 127.0.0.1:9102 should be redirected by anon-ws-disable-stacked-tor to 10.152.152.10:9102, but it isn’t in 15.0.1.4.9.libvirt for me.

UWT_DEV_PASSTHROUGH=1 curl 127.0.0.1:9102 responds with curl: (7) Failed to connect to 127.0.0.1 port 9102: Connection refused

No file for the 9102 port in /lib/systemd/system/ gets created.

So Thunderbird doesn’t work with the pre-configured settings. Setting it to 10.152.152.10 obviously ‘fixes’ it. As the redirection got added in this thread, I thought it might be relevant.

If you deem my current other problems causing this (Flushing iptables once, else no connection), then please feel free to delete/ignore this post.

No, it’s its own problem. I’ve seen reports about it on Twitter. @Patrick is there a better option than disabling this option altogether? I’d prefer getting stream isolation sorted out for it if possible.

Temporary fix which users can run inside Whonix-Workstation:

sudo /usr/lib/anon-ws-disable-stacked-tor/systemd-unit-files-generator

Package fix will come later through upgrades:

Is this file still useful/required? @HulaHoop (since you originally added that)

(Came up due to [Resolved] Thunderbird mail.server.server1.check_new_mail Preference Locked in Whonix Workstations)

I think he just kanged it from https://gitlab.tails.boum.org/tails/tails/-/commits/stable/config/chroot_local-includes/usr/lib/thunderbird/thunderbird.cfg.

Commit log says @intrigeri on the Tails gitlab wrote that. Maybe ask him?

EDIT: Linked the relevant file

Tails still has config/chroot_local-includes/usr/lib/thunderbird/thunderbird.cfg · master · tails / tails · GitLab

Unlikely that someone from Whonix will do this. So if you don’t do it, most likely won’t happen.

Yes it is the setting that forces TB to use local drafts folders instead of those on the server. It’s an important privacy setting.
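
A check for the two conditions discussed in this thread (drafts must stay in Local Folders, and thunderbird.cfg only applies once general.config.filename is set), as an added example that is not code from the thread, Whonix or Tails. The function names and the sample pref files are constructed; the pref names and values are the ones quoted in the posts above.

```shell
#!/bin/sh
# Added example (not from the thread): audit Thunderbird pref files for draft
# folders kept on a mail server, and check that a lock file is activated.

# remote_draft_folders FILE: print "pref-name value" for every
# mail.identity.*.draft_folder whose value is not a local mailbox:// URI.
# Matches pref(), user_pref(), lockPref() and defaultPref() lines.
remote_draft_folders() {
    sed -n 's/^[[:space:]]*[A-Za-z_]*[Pp]ref("\(mail\.identity\.[^".]*\.draft_folder\)",[[:space:]]*"\([^"]*\)").*/\1 \2/p' "$1" |
        grep -v ' mailbox://' || true
}

# lock_file_activated DIR: succeed if a *.js file directly inside DIR sets
# general.config.filename, i.e. thunderbird.cfg is actually loaded.
lock_file_activated() {
    grep -qs '[Pp]ref("general\.config\.filename"' "$1"/*.js
}

# Constructed sample data; the profile content below is made up.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir "$demo_dir/pref"
cat > "$demo_dir/prefs.js" <<'EOF'
user_pref("mail.identity.id1.draft_folder", "imap://RemoteServer.com/Drafts");
user_pref("mail.identity.id2.draft_folder", "mailbox://nobody@Local%20Folders/Drafts");
user_pref("mail.server.server1.check_new_mail", false);
EOF
printf '%s\n' 'pref("general.config.filename", "thunderbird.cfg");' \
    > "$demo_dir/pref/40_thunderbird.js"

leaks=$(remote_draft_folders "$demo_dir/prefs.js")
if [ -n "$leaks" ]; then
    printf 'Drafts stored on a server:\n%s\n' "$leaks"
fi
if lock_file_activated "$demo_dir/pref"; then
    echo "lock file activated"
else
    echo "lock file NOT activated"
fi
```

On a real system, point the first function at the profile's prefs.js and the second at the directory that holds the default pref files, such as /etc/thunderbird/pref.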