[as reported in on Get Satisfaction:
Hi DreamHost Support Folks:
This is Roland from Thunderbird support. Thunderbird is an email client from Mozilla Messaging.
Mozilla Messaging just released Thunderbird 220.127.116.11 which exposes a “bug” (see DETAILS below) in DreamHost’s SSL certificates. This “bug” affects all DreamHost customers who use email on DreamHost and who use Thunderbird 18.104.22.168
Not sure if you can fix this “bug”, so just filing this problem here as “heads up”. Will also file it via your normal support channels. I’m also going to file a reply to this problem with a link to this topic at our Get Satisfaction which is:
…Roland “Technical Support Lead”, Mozilla Messaging
+1 604 729 7924
DETAILS from https://bugzilla.mozilla.org/show_bug.cgi?id=511921
Thunderbird prior to 22.214.171.124 still contained the bug that allowed * in an SSL cert to match more than one atom of a hostname (which actually violates the spec).
Thunderbird 126.96.36.199 changed the behavior so that a domain name with more than one atom in the spot where the * is in the cert name properly rejects the cert as an invalid hostname. Dreamhost has mailservers named with a pattern like:
Their cert says *.mail.dreamhost.com.
…Roland “Technical Support Lead, Mozilla Messaging” Tanglao