Avira Antivirus E-Mail “security”

The current Avira Antivirus has a module it calls “Internet security”, which in turn has an option for e-mail security.

What it does is capture all connections to POP3, IMAP and SMTP servers and scan them for viruses. That sounds good until you find that your e-mail client has stopped working even though you haven’t changed anything in its configuration.

Why is that? It’s because of this e-mail “security” feature. If you are using encrypted transport (STARTTLS or SSL/TLS), Avira cannot read the traffic and blocks it! This is so stupid, there must be an award for it somewhere.

To work around this, you can of course

  • disable the e-mail security feature
  • disable transport encryption

The first has the drawback that Avira now complains that your computer is not secure. The second has the drawback that your e-mails can be read by everybody who can access your connection to the server. So neither option is really a solution. If Avira forces you to do that (e.g. if the following doesn’t work for you because your mail server does not have alternative ports for encrypted connections), your computer is actually less secure than without Avira e-mail “security”.

Then there is the third option: Don’t use the default SMTP (25), POP3 (110) and IMAP (143) ports but use different ones, e.g. the ones that are reserved for encrypted transports:

  • SMTPS: 465
  • POP3S: 995
  • IMAPS: 993

Unfortunately that means your mail servers must support these protocols / ports. E.g. if you are using postfix you have to change / uncomment the following lines in the /etc/postfix/master.cf file:

smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes

And, of course, restart postfix.
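
To check the edit before restarting, here is an added example (not part of the original post): a small Python parser for master.cf that reports whether the smtps entry is active and carries the two options shown above. The function names and the sample file are constructed for illustration, and it only reads simple "-o name=value" overrides in master.cf, not settings in main.cf.

```python
# Constructed sample, modelled on the master.cf fragment shown in the post.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       -       -       -       smtpd
smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""

# Options the post enables for the smtps service.
REQUIRED = {"smtpd_tls_wrappermode": "yes", "smtpd_sasl_auth_enable": "yes"}


def parse_master_cf(text):
    """Return active services as dicts: name, type, command, options."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are skipped
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace = continuation
        else:
            logical.append(raw.strip())
    services = []
    for line in logical:
        fields = line.split()
        if len(fields) < 8:
            continue  # service type private unpriv chroot wakeup maxproc command
        args, opts = fields[8:], {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:  # simple "-o name=value" form only
                key, val = value.split("=", 1)
                opts[key] = val
        services.append({"name": fields[0], "type": fields[1],
                         "command": fields[7], "options": opts})
    return services


def smtps_findings(text):
    """Return a list of problems; an empty list means the entry matches the post."""
    svc = next((s for s in parse_master_cf(text)
                if s["name"] == "smtps" and s["type"] == "inet"), None)
    if svc is None:
        return ["no active smtps service (missing or still commented out)"]
    return [f"{key} is not set to {want} on the smtps entry"
            for key, want in REQUIRED.items() if svc["options"].get(key) != want]
```

Call smtps_findings() with the contents of /etc/postfix/master.cf; an empty list means the entry looks as described. Note that if the smtps line itself is still commented out while the indented -o lines are not, those lines become continuations of the preceding service entry, which the parser reproduces.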

The same applies to your POP3 or IMAP server.

If you can’t do that and your e-mail provider doesn’t support this, tough luck!

In addition, you must change the configuration in your e-mail client. In Thunderbird that’s pretty straightforward:

WARNING: I will not fix your computer if you break it even if you followed my instructions. It’s your own responsibility. Making a mistake in the Thunderbird configuration will prevent it from receiving and/or sending e-mails.

  • Open the account settings dialog.
  • Select “Server Settings”.
  • Under Connection Security, select SSL/TLS (preferred) or STARTTLS, depending on what your server supports.
  • The port number will change automatically. If it doesn’t or your server does not use the default ports for encrypted transport, change the port number.
  • Select “Outgoing Server (SMTP)” (it’s down, below “Local Folders”).
  • Edit the entry you want to change (usually there is only one).
  • Change Connection Security to SSL/TLS (preferred) or STARTTLS, depending on what your server supports.
  • The port number will change automatically. If it doesn’t or your server does not use the default ports for encrypted transport, change the port number.

Now test it and have fun.