7

I would like to access my personal IMAP server through my corporate firewall. This is allowed provided I use the corporate proxy server, which is an HTTP proxy server. I cannot figure out how to configure Thunderbird to honor this proxy server, though. It honors it for HTTP traffic, but not for IMAP and SMTP.

Thunderbird: 15.0 OS: OSX 10.8.1

AFAIK, there is no SOCKS proxy available, just an HTTP proxy. Also, the HTTP proxy allows other protocols to go through it (c.f. Can I tunnel other protocol through an HTTP proxy?). Using an add-on for a solution would be fine. Thanks!

Community
  • 1
Joe Casadonte
  • 5,373
  • 5
  • 25
  • 38
  • 'Also, the HTTP proxy allows other protocols to go through it.' - Are you sure about that? – gertvdijk Sep 11 '12 at 13:00
  • I'm 1000% positive it does; I do it all the time. – Joe Casadonte Sep 11 '12 at 13:39
  • Learned something new, thanks. Good you've updated your question accordingly. – gertvdijk Sep 11 '12 at 13:45
  • Did you tick "Use this proxy server for all protocols" in options, adv, net, settings? – RedGrittyBrick Sep 11 '12 at 13:54
  • @Joe Casadonte Sadly this is not always true. Some proxies try to parse the requests. When they fail to parse HTTP they give up. In which case you need use something else to bypass the proxy. E.g. IP over DNS. (and yes, that exists and I admire it for its hack value). – Hennes Sep 11 '12 at 14:27
  • @RedGrittyBrick - yes, I tried that, but TB still seems to make no attempt to use the HTTP proxy for IMAP. – Joe Casadonte Sep 11 '12 at 15:55
  • @Hennes - true, not all HTTP proxies can handle the CONNECT command, and those that can need to be configured to allow it (and it can be restricted in a lot of ways, etc). My proxy at work does handle it and it's configured to allow just about anything through it. Why, then, it's there is a different question for a different time... – Joe Casadonte Sep 11 '12 at 15:57
  • @JoeCasadonte: If your proxy does not support CONNECT, then it cannot handle HTTPS, because HTTPS sets up a tunnel between browser and remote server. Thus there is a constraint that CONNECT should be targeting only 443 port. And thus you need another intermediate proxy to unwrap HTTPS and connect to Google. This idea is expressed [here](http://centurion.dynalias.com/w/articles/http_tunnelling). – dma_k Apr 10 '13 at 13:26

2 Answers2

0

My (oldish) Thunderbird has a checkbox in the "Connection Settings" to make Thunderbird use the http proxy setting for all protocols. Did you try that?

Otherwise maybe this helps?

pitseeker
  • 203
  • 3
  • 8
  • I think this option only affects the content loading of email itself, e.g. external images. It does not affect the IMAP/POP3 protocol itself, which requires direct connection. – dma_k Apr 10 '13 at 13:09
  • @dma_k I don't understand... there is a setting in Thunderbird to use a proxy, which seems to contradict the statement "requires direct connection". – Michael Jul 10 '20 at 20:58
  • Are you familiar with IMAP vs HTTP protocols? IMAP cannot be proxied via HTTP proxy, however when you open an email that has HTML content with external resources like images, then requests to get these external resources go via proxy. IMAP proxying via HTTPs proxy theoretically is possible (and here is a [link to a solution using proxytunnel utility](https://www.centurion.link/w/articles/http_tunnelling)), but normally HTTPs proxy will not allow this and also Thurderbird needs to support such a hack, which is not the case at least for v52. – dma_k Jul 11 '20 at 18:55
  • HTTP has a method called CONNECT, which can be used to establish a tunnel to a server on any port specified. This is commonly used for HTTPS, and also other protocols. Once the tunnel is set up, the proxy would normally just opaquely forward data back and forth. People use this for mail protocols all the time. – Adrien Jan 06 '22 at 19:47
0

For Mac & Windows there is a program called Proxifier that can do what the OS itself cannot. Note that this is a non-free commercial program and I've only tried it under Mac OSX 10.8.1 (ML). It worked flawlessly for me, though, so I guess I can call this one closed.

Joe Casadonte
  • 5,373
  • 5
  • 25
  • 38
  • This can be done in Linux too, using [proxychains](https://github.com/rofl0r/proxychains-ng). This also has the advantage of being free software. – Cris70 Jul 10 '17 at 09:37