It appears that a Thunderbird 3.1 release (probably 3.1.1) introduced a change that has caused at least one entry in our UVM ISP Hook file to become invalided. Two alert distributed support staff recently reported that the SMTP Server that our installer configures now is set to perform plain-text authentication over an unencrypted channel rather than using STARTTLS.
We know that this setting was correct in the past, and we see that it still is set in our ISP profile… Thunderbird simply is ignoring the setting.
Fortunately, there is a workaround for this setting. We can modify the “mailnews.js” file in the installer to have the default value for “try_ssl” set to “2” instead of the original default of “0”. All I had to do was add a line of “sed” work to our build script:
..\bin\sed.exe --binary "s/try_ssl\", 0)/try_ssl\", 2)/" .\build\nonlocalized\defaults\pref\mailnews_new.js MOVE /Y .\build\nonlocalized\defaults\pref\mailnews_new.js .\build\nonlocalized\defaults\pref\mailnews.js
This “sed” command searches for the phrase
try_ssl", 0 and substitutes
try_ssl", 2 . After repackaging, we find that the first SMTP server account created after install (which is therefore the default SMTP account) will be set to use “STARTTLS” instead of “clear text”.
I worry about future unannounced retirements of ISP Hook settings.