SSL with Thuderbird???? HELP!

Ali195 · 17 Dec 2009 at 11:34

My manager at work has given me the task of the following:

He wants to send an encrypted email to someone via an email client Thunderbird.

My manager said the SMTP goes through 16 forwarding hubs (London, Paris, Manchester to name a few) & doesnt want anyone on those point to be able to read it.

The email address runs off an internal SMTP server (in other words not hotmail, yahoo etc) but that shouldnt make a difference.

The person the other end would also be using an email client but its Outlook.

Is it possible & how complicated is it?

Rainmaker · 17 Dec 2009 at 13:49

TBH I didn't entirely understand your question, but until a guru comes along hopefully the following will be of some use to you.

1) Thunderbird fully supports SMTPS (STARTTLS or SSL/TLS), as well as IMAPS and secure authentication. If the SMTP server at work has SSL running, you'll be able to connect to it and send your mail securely without a problem. Just tell Thunderbird the settings for the server and you're away.

2) It sounds more like you want the email itself to be encrypted. In this case I'd imagine using email certificates (as I do) would be the preferred option. Sign and encrypt the email before sending, and provided the recipient also has a public copy of your certificate you'll be good to go. Nobody can intercept the email en route, at least legibly. Thunderbird also supports this admirably out of the box, and Outlook can also use certificates and decode encrypted emails on the fly once the certificates are installed.

I hope that goes some way to helping you out?

Ali195 · 17 Dec 2009 at 13:59

Rainmaker, thanks a lot for the reply.

Yeah its 2) is what im after.

Rainmaker · 17 Dec 2009 at 14:05

In that case Comodo offer free email SSL certificates, though I'm not sure if they're free for commercial use. You'd have to check. Regardless of where you source them, it's a simple case of installing the cert into Thunderbird and then sending a non-sensitive ("hello" will do), signed but NOT encrypted email to your intended recipient. This gives them a copy of the public part of the cert. Once they've done the same to you (signing an email with their own cert) you can both encrypt and exchange emails easily. It's not as much hassle as it might sound.

Import cert, send signed mail, get signed reply, keys have now been exchanged, done. Encrypt and trade secure emails at will.

To import the certs to begin with, in Thunderbird 3 it's Tools > Options > Advanced > Certificates. View Certificates > Your Certificates > Import. Follow the prompts. Easy. Thunderbird 2 is almost identical. Just don't forget that you need to tell Thunderbird to encrypt EVERY email, it won't do it automatically!! Actually there is an option for this, but unless EVERY recipient you ever email also has secure email, they won't be able to read what you send them so stick to doing it manually.

Ali195 · 17 Dec 2009 at 14:25

- Small world because he uses Comodo Firewall (not anti-virus). I will look into this at home & duplicate it on his work machine. :cool:

Rainmaker · 17 Dec 2009 at 15:29

OK mate, have fun. Also, fwiw, as I said I use secure email inside Thunderbird already. If you'd like to use me to 'practice' on (i.e. swapping certs, sending encrypted emails) feel free to drop me an email.

lee at rainmakerkennels dot co dot uk

Cheers.