How to Make Thunderbird Chat Work with Most XMPP/Jabber Accounts

I really like how Thunderbird 15.0 has build in support for populate chat services like Google Talk, Twitter, and XMPP (aka Jabber).

What I don’t like is that Thunderbird’s support for these is minimal, and when things don’t work it is almost impossible to figure out why.

Here are two issues I ran into and their solution.

Jabber/XMPP Accounts seems stuck on “Connecting”

Before you assume that you ran to the issues I did, try port 5223 rather than port 5222. Port 5223 is the old school “secure” port for XMPP/Jabber. The more modern way is that port 5222 is used, but the server then negotiates a secure connection.

For me the root cause turned out to be a special feature in how XMPP looks up servers. If a company doesn’t want to open a port on their main server (for example bigcompany.com) they can add a special internet name lookup (DNS Record) saying “my jabber server is really over on the other server). These kind of records are called DNS SRV records.

Most XMPP clients do this for you automatically, but Thunderbird 15.0 doesn’t do this, fortunately, you can do the same look up yourself and then tell Thunderbird to user the other server instead.

How to Lookup the Actual XMPP Server for an Account

Instead of running command line tools, some helpful souls haven put together online tools to find your XMPP server, so that’s what we’ll us:

  1. Open your web browser to https://kingant.net/check_xmpp_dns/.
  2. In the text field under Check DNS SRV records for XMPP, enter the part of your XMPP/Jabber account that happens after the @.
  3. Click on the Check button.

  4. If the results say “ERROR”, then the problem you are having is not due to the SRV record feature, but something else.
  5. In the Client records for section of the results, locate the Target column, and copy the value immediately under it.
  6. Go back to Thunderbird, choose Tools->Account Settings…”, click on your XMPP account in the left hand ride, and then paste into the Server field.
  7. Click on OK to close the preferences window.

How to Fix when You Connect and then are Immediately Disconnected from the XMPP Server

Once I had done the previous steps to fix server lookup, I immediately found that my account was immediately disconnected.

After verifying the username and password, I did some investigation and determined that my XMPP/Jabber server has an “invalid” SSL certificate. You may be wondering how a server might have an invalid certificate? The answer is that valid certificates cost money and require a unique internet address for the server. If you are using a free service from a small company, or even an internal server, odds are good that they won’t be springing for an officially signed SSL certificate any time soon.

All is not lost though, you can tell Thunderbird that you trust the server, and that Thunderbird should also.

Here’s how:

  1. In Thunderbird open the Preferences windows.
  2. Click on the Advanced tab.
  3. Click on the Certificates section.
  4. Click on View Certificates.
  5. Click on the Servers tab.
  6. Click on Add Exception….
  7. In the Location: field, delete https:// and enter the server name you looked up the SRV section above. If you got an ERROR when looking up the SRV record, enter the part of your XMPP/Jabber account that happens after the @.
  8. After the server name enter :5222. Be sure and include the colon (:).
  9. Click on Get Certificate
  10. Make sure Permanently Store this Exception is checked.
  11. Click on Confirm this Exception.
  12. Click on OK.

Good Luck

With any luck you will now be able able to connect to your Jabber/XMPP server.

Please suggest improvements to these directions in the comments.

15 thoughts on “How to Make Thunderbird Chat Work with Most XMPP/Jabber Accounts

  1. Depending on the server, you may hove to use port 5223 instead of 5222. I had to. Otherwise good HOWTO.

  2. It’s possible the certificate your XMPP server has was correct, here is why:
    Let’s assume that you are connecting the account username@domain.tld and that the SRV record for domail.tld points to xmpp.provider.net.

    In this case, the XMPP specification says that the server should send you a valid certificate for “domain.tld”.
    However, you configured Thunderbird to connect directly to xmpp.provider.net, so Thunderbird expects a valid certificate for that hostname, which isn’t the case is the server is correctly configured and sends a valid certificate but for domain.tld.

    (Of course it’s also possible that the certificate was indeed self-signed.)

    Thanks for writing a clear tutorial on how to work around the lack for DNS SRV support in Thunderbird, I’m sure lots of users will find this handy!

  3. In my case I was dealing with an expired certificate, but good point about the potential mismatch due to pointing at the SRV designated server. The port 5222 vs. 5223 is a good point also, so I will update the How To accordingly.

  4. Thanks for the tip-off about the certificate being key to “the server has disconnected” message. In my case I needed to add a local CA to the cert store and then it worked beautifully.

    Absolutely no messages on the client-side to help debug that!

  5. On Mac OS X one has to import the certificate to the keyring and declare it trustworthy prior to import the cert to thunderbird.

  6. That’s an excellent point.

    I had previously set up other chat clients (like Adium) on Mac OS X, so I didn’t know that needed to be done even for Thunderbird chat.

    Thanks for the info!

  7. Your tutorial was fantastic. Thanks for this post. Thunderbird now works for me for the internal Openfire server that I have setup.

  8. Amazing how setting up XMPP clients are so easy on Pidgin and Spark, but it’s extremely difficult with Thunderbird.

  9. Pingback: Back to XMPP – davelevy . info / wiki

Leave a Reply

Your email address will not be published. Required fields are marked *