torbirdy replacement

/etc/thunderbird/pref/40_thunderbird.js already includes:

// Disable Autocrypt by default for new accounts (#16222).
// This does not change anything for accounts that were created before.
pref("mail.server.default.enableAutocrypt", false);

Duplication inside https://gitlab.tails.boum.org/tails/tails/-/blob/master/config/chroot_local-includes/usr/local/bin/thunderbird could be legacy from previous implementation / a bug? Or perhaps their function set_mozilla_pref allows users to not-enforce this setting? Either way. Seems done.

Tested updated anon-apps-config

Problems I saw:

  • Account wizard has IMAP pre-selected by default. Maybe this pref doesn’t take effect until the patched Thunderbird lands in Debian?
    I want to include the non-scripted pref version in pref.js meanwhile.
    Does the scripted pref translate to pref("extensions.torbirdy.defaultprotocol", 0); ?

  • Drafts are not saved locally when IMAP is used. thunderbird.cfg seems to be overridden, with the string value in about:config showing mail.identity.id1.draft_folder;imap://RemoteServer.com/Drafts and not mail.identity.id1.draft_folder;mailbox://nobody@Local%20Folders/Drafts

Turns out I have to reinstall Thunderbird from scratch on a fresh snapshot every time I want to play with config settings; otherwise they would not take effect, even after an apt-get purge.

I removed the settings that block Enigmail from working and this resolves the main blocker I ran into.

Now I have to troubleshoot the prefs that would make local drafts work.

(For persistent Tails.)
(But we should always default to POP therefore this is good.)

Please do.

Possible. I don’t know how often that folder is parsed. Only first start vs every start. Perhaps even a setting influences this.

Fresh snapshot is a bit too much effort. Can be easier.
In abstract terms “Any previous state of Thunderbird must be deleted.”
“If it requires a fresh snapshot then you don’t know all the places yet where the application stores state.”
Exceptions [1] (which don’t apply here) aside, the only place where non-root applications can write data is the home folder. [2]
In practical terms: terminate thunderbird + delete thunderbird user data folder.

WARNING: deletes all Thunderbird user data

rm -r .thunderbird

In case you don’t know what the user data folder is… How would I know where XFCE stores any settings? I don’t. I am not an oracle either. Even if I’d know, I’d forget in a year from now.
abstract: “Make a snapshot of the home folder and compare before/after first start of application.”
practical: I recommend to Put home folder under Git Version Control.

[1] Exceptions would be suid and sudoers exceptions which there is no need for in case of browser / mail client user data.
[2] And /tmp and perhaps folders chown’ed to user during package installation but any sane design won’t persist settings from there
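
The before/after comparison described above, as an added example that is not part of the original post: it hashes every file under a directory, then lists what a program added, changed or removed. The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# snapshot DIR OUT: record "sha256  ./relative/path" for every regular file in DIR.
# OUT must live outside DIR so the manifest does not list itself.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# state_changes BEFORE AFTER: print "added|changed|removed PATH", sorted.
state_changes() {
    awk '
        { hash = $1; path = substr($0, length(hash) + 3) }
        FILENAME == ARGV[1] { before[path] = hash; next }
        { seen[path] = 1
          if (!(path in before)) print "added " path
          else if (before[path] != hash) print "changed " path }
        END { for (p in before) if (!(p in seen)) print "removed " p }
    ' "$1" "$2" | sort
}

# demo_changes: constructed stand-in for a home folder and a "first start".
demo_changes() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/.config"
    echo one > "$t/home/.config/a"
    echo stale > "$t/home/old"
    snapshot "$t/home" "$t/before"
    # Simulated application start: creates a profile, edits and deletes a file.
    mkdir "$t/home/.thunderbird"
    echo '[General]' > "$t/home/.thunderbird/profiles.ini"
    echo two > "$t/home/.config/a"
    rm "$t/home/old"
    snapshot "$t/home" "$t/after"
    state_changes "$t/before" "$t/after"
    rm -r "$t"
}
```

For real use, call snapshot on the home folder with Thunderbird closed, start and quit it once, snapshot again, and pass both manifests to state_changes.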

Now in Whonix testers repository.

Discovered that the thunderbird.cfg file had to be activated from pref.js. I tested it and local Drafts now work:

// Loading the lock file: http://kb.mozillazine.org/Lock_Prefs
pref("general.config.filename", "thunderbird.cfg");

Tails activate the lock prefs in /usr/share/thunderbird/defaults/pref/autoconfig.js vs prefs/thunderbird.js. Which one should we go with?


In this ticket about default POP, they say the default protocol patch never worked and they removed the code. Let me know if this is your interpretation. Probably I should rip it out because it is obsolete:


Also what port number for socks proxy should I assign TB? OK to leave the proxy IP at

Commit of major rewrite of custom Tails Thunderbird code:


Since we already have /etc/thunderbird/pref/40_thunderbird.js using same file would make sense.

Or keep /etc/thunderbird/pref/40_thunderbird.js as is (original by Tails) and add /etc/thunderbird/pref/40_anon-apps-config-something.js. (replace something)

Other answer: whatever works.


( https://gitlab.com/whonix/anon-gw-anonymizer-config/-/blob/master/usr/share/tor/tor-service-defaults-torrc.anondist#L103 )


This is now in Whonix testers repository.

Done. We now have a functional and private Torbirdy successor TB.


This is now in Whonix testers repository.

Awesome! Great work!


Also in stable-proposed-updates Whonix repository for a few days now.


How can I download the thunderbird package with torbirdy from the Whonix repository?

This is available in all Whonix repositories.

Quote Whonix / Kicksecure - for VirtualBox - Point Release!

Thunderbird protocol level leak prevention. Replacement for what previously was done by torbirdy. See torbirdy deprecated - replacement required . Ported from Tails to anon-apps-config. Credits: Thanks to Tails for the torbirdy replacement. Thanks @HulaHoop for the port to anon-apps-config.

I at first posted this into the support section - but I don’t need support for this and as the wiki points for reports to the forum in general and I’m not sure about usual practice, I decided to repost it here, as it seems related.

The standard Thunderbird network configuration should be redirected by anon-ws-disable-stacked-tor to, but it isn’t in for me.

UWT_DEV_PASSTHROUGH=1 curl responds with curl: (7) Failed to connect to port 9102: Connection refused

No file for the 9102 port in /lib/systemd/system/ gets created.

So Thunderbird doesn’t work with the pre-configured settings. Setting it to obviously ‘fixes’ it. As the redirection got added in this thread, I thought it might be relevant.

If you deem my current other problems causing this (Flushing iptables once, else no connection), then please feel free to delete/ignore this post.

No, it’s its own problem. I’ve seen reports about it on Twitter. @Patrick is there a better option than disabling this option altogether? I’d prefer getting stream isolation sorted out for it if possible.

Temporary fix which users can run inside Whonix-Workstation:

sudo /usr/lib/anon-ws-disable-stacked-tor/systemd-unit-files-generator

Package fix will come later through upgrades:


Is this file still useful/required? @HulaHoop (since you originally added that)

(Came up due to [Resolved] Thunderbird mail.server.server1.check_new_mail Preference Locked in Whonix Workstations)

I think he just kanged it from https://gitlab.tails.boum.org/tails/tails/-/commits/stable/config/chroot_local-includes/usr/lib/thunderbird/thunderbird.cfg.

Commit log says @intrigeri on the Tails gitlab wrote that. Maybe ask him?

EDIT: Linked the relevant file

Tails still has config/chroot_local-includes/usr/lib/thunderbird/thunderbird.cfg · master · tails / tails · GitLab

Unlikely that someone from Whonix will do this. So if you don’t do it, most likely won’t happen.

Yes it is the setting that forces TB to use local drafts folders instead of those on the server. It’s an important privacy setting.
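
An added check, not code from the thread or from Tails or Whonix, for the two conditions discussed above: that a pref file activates thunderbird.cfg, and that no identity stores its draft_folder on the server. It assumes draft folders are recorded in a profile's prefs.js as user_pref(...) lines; the function names and sample files are constructed.

```shell
#!/bin/sh
# autoconfig_enabled PREF_DIR: succeed if a *.js file in PREF_DIR
# (e.g. /etc/thunderbird/pref) activates thunderbird.cfg.
autoconfig_enabled() {
    grep -qs '^pref("general\.config\.filename", *"thunderbird\.cfg");' "$1"/*.js
}

# remote_draft_folders PREFS_JS: print "IDENTITY URI" for each identity whose
# draft_folder is not a local mailbox:// URI; exit status 1 if any is found.
remote_draft_folders() {
    sed -n 's/^user_pref("mail\.identity\.\([^.]*\)\.draft_folder", *"\([^"]*\)");.*$/\1 \2/p' "$1" |
    awk '$2 !~ /^mailbox:\/\// { print; bad = 1 } END { exit bad + 0 }'
}

# make_sample DIR: write constructed sample files (not taken from a real profile).
make_sample() {
    mkdir -p "$1/pref"
    cat > "$1/pref/40_thunderbird.js" <<'EOF'
// Loading the lock file
pref("general.config.filename", "thunderbird.cfg");
EOF
    cat > "$1/prefs.js" <<'EOF'
user_pref("mail.identity.id1.draft_folder", "mailbox://nobody@Local%20Folders/Drafts");
user_pref("mail.identity.id2.draft_folder", "imap://user@RemoteServer.com/Drafts");
user_pref("mail.identity.id2.fcc_folder", "imap://user@RemoteServer.com/Sent");
EOF
}
```

A stored value can be overridden at run time by a locked pref, so confirm any hit in about:config.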