The Unofficial Guide to Configuring Thunderbird for
Mozilla Thunderbird is not supported by the Computing Services Help
many people want to use it anyway. The following instructions
should work, but I don't make any guarantees, nor can I provide any
These instructions were created and tested on OS X
10.4.4. The instructions should also work for Windows but see the footnote.
These instructions assume you have already installed Kerberos
for Mac or Kerberos
for Windows. If you haven't done so, follow
that link for your operating system, and install it now.
You will also need to download copies of the CMU Certificate Authority root
Regardless of what that page says, you should
download the vertificates under the All
operating systems EXCEPT Mac:" heading. Right click on both the 2001
and 2005 server certificate links, and save them to your local machine.
the 2001 certificate is currently in the wrong format for Thunderbird
to import. Don't do it, it will cause Thunderbird to crash on
startup if you do so. I am working on correcting this on the
webserver side. -jeaton)
and install it. On Mac OS X, Thunderbird is distributed as a
disk image (DMG). Simply double-click the DMG to mount it,
and drag the Thunderbird application to your Applications folder. On Windows, you will need to run the installer.
Run Thunderbird. Assuming this is the first time you have run it,
you should see the following:
Nice how Thunderbird helpfully offers to not import anything for you (This may be different on Windows).
Click continue to bypass this useless dialog.
Leave "Email account" selected, and click continue.
Enter your name and email address. This is the name and email
address which will be put in the From line of any email you send.
If you prefer to use your @CMU.EDU address, you can enter it
Choose "IMAP", and enter "cyrus.andrew.cmu.edu" for your incoming mail
server, and "smtp.andrew.cmu.edu" for your outgoing mail server.
You should enter your Andrew User ID in both fields, if it is not
already there, and click Continue.
You can enter a more descriptive name here if you like, or just accept
the default and click Continue.
The settings should look like this. Go ahead and click done.
Thunderbird should then prompt you for your password.
enter your password here.
To repeat, DO
NOT enter your password here. If you do so, it
will be sent across the network insecurely. Just click cancel, and
Thunderbird will take you to the default view. From the Tools
menu, select "Account Settings". In the settings window that
appears, select "Server Settings":
Under "Security Settings", change to the "SSL" option. Check
the "Use secure authentication" checkbox. You should also
change the drop down for "When I delete a message" to "Mark it as
deleted", which is how most IMAP clients behave.
Select the "Security" section:
Click on the "View Certificates" button to bring up the Certificate
Select the "Authorities" tab, and click "Import". Find the
"CMU-CA-Server-x509.crt" file you downloaded earlier, and
click open to import it. Check the box next to
"Trust this CA to identify web sites", and click OK. Do the
same for "CMU-CA-Server-2.crt". Click OK to close the
Choose the "Outgoing server (SMTP)" section:
Click "Edit..." to edit the settings for smtp.andrew.cmu.edu.
Change the port to 587, make sure "Use name and password" is checked
and your Andrew User ID is in the User Name field and check the TLS
radio button. Once all of those are set, click OK to save the
settings, and click OK again to close the Account Settings
Now choose "Preferences" under the Thunderbird menu, and select the
Choose the Addressing tab. Check the box next to "Directory
Server", and click "Edit Directories".
Click "Add" to add the LDAP server settings.
Fill in the fields on the General tab as above. Enter "CMU"
for the name, "ldap.andrew.cmu.edu" for the hostname,
"ou=person,dc=cmu,dc=edu" for the Base DN, and 389 for the port number.
Don't check the "SSL" checkbox here, because our LDAP server
doesn't support that. Choose the Advanced tab:
Change the Scope to "One Level", and enter "(cmuActiveDN=*)" for the
Search filter. (This search filter will make sure the LDAP
server only returns currently active accounts and not accounts for
people who have recently left the university but are still listed in
Click OK to save the directory server settings. Footnote.
Everything should now be set up to use Cyrus correctly.
- Thunderbird for windows
requires an additonal setting to make Kerberos work with our server.
Under the Tools menu, select Options. In the Advanced
section, under General, click on Config Editor. Set the
preference named network.auth.use-sspi to the value false.
This will force Thunderbird to use Kerberos for Windows, instead
of the Microsoft SSPI implementation which does not work in our
- In some instances,
address auto-completion doesn't work in
the compose window. If that is the case, you will need to
edit preferences manually. To do so, open the Preferences
under the Thunderbird window, and choose the Advanced section, General
tab, and click Config Editor. Set the preference name ldap_2.autoComplete.directoryServer
to the value ldap_2.servers.CMU.