Hi all,

So I have now managed to get the mail server up and running using my own domain via a dns management service online and and MX record going to my server here at home and using postfix and dovecot.

When I try to get my thunderbird / outlook up and running I am getting the "certificate exception" window popping up. I dont want to make a certificate exception. I want to get my certs validated and all communicating as it should.

I've following the encryption setup using this url:

But now I am totally stuck on what to do. Can someone point me in the right direction on how to maybe make thunderbird / outlook see my certs or how to create them properly?

Any help would be very useful.

Thanks all

I've recently set up a new system using a similar configuration (Postfix&Dovecot). I've followed this tutorial under Debian lenny: http://workaround.org/ispmail/lenny/authenticated-smtp.

If you have properly created the certificate, declared it in the conf files of Postfix and Dovecot, and configured the first one in order to use TLS, you should have no problems. Maybe you have to force Thunderbird to remember the certificate security exception (because the mail program cannot trust it, this is normal). Can you correctly fetch mail via POP/IMAP?

So Thunderbird will not ever trust a certificate from my mail server? Not even if I export one from the server and import it to my everyday pc?

Yeah I can get mail as normal but that is with the exceptions put in place. I am trying to get around the exceptions to have a fully functional mail server and pc's connected to it securely.

But saying that.... I can quite easily live with having the exceptions if ANYONE knows how to add the same exceptions using MS outlook 2010 which is what the wife uses and gets asked to install the certs every time she fires up outlook. Its just that when we try to install it, it doesnt make any difference. We close the program and its back again on the next startup.

Any suggestions would be great (apart from telling her to use Linux!! Trust me I have tried that hehehe!)

It will trust it blindly when you tell it to do so, the fisrt time. Then it won't ask again. This is the way you put the exception.

I don't personally use this program. But old versions give permanent problems with certificates. IMHO, a bad program.

Install Thunderbird for Windows in that PC and transfer the mail.

Hmmm not really an option. She is a true windows believer and stuck in her ways.


Is there a way of turning off the certificates from within my network? So when a new mail reaches my mail server, the mail gets assigned to its user mailbox etc etc and when someone logs in within the LAN it just uses a basic connection to retrieve and send and is only encrypted when it hits the mail server and back out to the internet.

What you say is interesting, but I don't know if this can be done.

So I'm wondering if its possible

Did you mean to say "she's a MS believer", as Thunderbird is ported to Windows (so to speak, don't really know which came first, but I'd bet it was windows and then LINUX...someone care to lend their historical development knowledge of firefox and thunderbird?)
Try harder to convince her that there is a similar way to get her mail.
At least it works for me; I push people away from MS all the time. As the saying goes, "...you can't please all the people all the time...".
Reminds me of working at a jr. college in the '90s...running the business studies division labs. 120 pc's, over 30 softwares to know and keep up with. You can't allow every tom, dick or harry to direct what software is used (or taught). This is why successful computer services in organizations DICTATE what users ARE allowed.
Eat crow dude. : )
Thanks for the responses as I found them helpful.

And it could be done in an accessible and free environment which is not bothering you all the time with repetitive warnings.

Let her try the program, and in the case that she's not using Outlook components (like the calendar or other utilities that bind the user in a particular software environment (I mean programs to which the user is used to, programs used in the everyday life, for example, to sync appointments with the mobile phone) you have almost won the battle. This is the main argument users tell me when I suggest them to quit Outlook.

Unfortunately she uses the whole package... she's a chartered accountant and uses all the calendar, reminders, sync etc etc components within her normal day. So I do get her point on that aspect as I have never been able to get my google calendar appointments to work with Thunderbird since v3+ has been rolled out. But thats another story.

I have now put win7 and outlook 2010 on a VM so am testing how I can get around this issue. Oh the fun!!


Cheers