Thunderbird can’t send Gmail mail after self-built VPN: Cause and Solution

1. Problems

When using a self-built VPN scheme (Wstunnel + Wireguard + Clash Verge Rev), I found that Thunderbird cannot send mail through Gmail, and the error is as follows:

• ‘Unable to connect to the outgoing server (SMTP) smtp.gmail.com, the server may be temporarily unavailable, or the SMTP connection is denied.’
• Or: ‘Messages were not sent because the connection with the sending server (SMTP) smtp.gmail.com timed out.’

At the same time,Access via browser https://mail.google.com But completely normal. This means that the VPN itself can connect to Google, and the problem is that the traffic of Thunderbird is not properly proxyed.

[截图 1：Thunderbird 发送失败的错误弹窗]

2. Cause analysis

The core reason is The Clash shunt rule does not override the mail protocol port.

• My VPN scheme uses Clash for traffic shunting, and the default rules usually only overwrite common ports (80, 443) for HTTP/HTTPS.
• Thunderbird send mail usage SMTP protocol, the port is 587 Or 465. Since these ports are not explicitly matched in the rules, traffic is routed to Clash directed(directly connected).
• My network environment has to go through a VPN to access the external network, and when it is directly connected, I cannot connect to Google’s SMTP server, resulting in a timeout or denial of connection.

The browser can access Gmail because the web traffic is port 443, which is in the Clash rules. match, proxy The bottom is dealt with. Therefore, the phenomenon of ‘the web page is normal, the mail client fails’.

The solution

3.1 Confirm the SMTP settings for Thunderbird

First, make sure that Thunderbird itself is configured to meet Gmail’s requirements, especially OAuth2 certification(Google has phased out normal password authentication).

Go to Thunderbird account settings → Send Server (SMTP), edit the corresponding Gmail sending server.

[截图 2：编辑发件服务器窗口，显示端口 465 + SSL/TLS + OAuth2]

[截图 3：编辑发件服务器窗口，显示端口 587 + STARTTLS + OAuth2](Final recommended configuration)

The following parameters are recommended:

After saving, restart Thunderbird and try to send a test email. Still fail, go on to the next step.

[截图 4：Thunderbird 发送失败的错误弹窗]

3.2 Modify the Clash configuration and add mail port proxy rules

Open the Clash configuration file (I am using the custom rules in the Clash Verge Rev subscription file), find Rules: field, in After the local area network direct connection rules,Before the domestic traffic direct connection rules Insert the following two lines:

rules:
  # ... 前面的规则 ...

  # 本地局域网直连
  - IP-CIDR,127.0.0.1/8,DIRECT
  - IP-CIDR,10.0.0.0/8,DIRECT
  - IP-CIDR,172.16.0.0/12,DIRECT
  - IP-CIDR,192.168.0.0/16,DIRECT

  # ===== 新增：邮件端口走代理 =====
  - DST-PORT,587,Proxy
  - DST-PORT,465,Proxy

  # 国内流量直连
  - DOMAIN-SUFFIX,cn,DIRECT
  - GEOIP,CN,DIRECT

  # 其他全部走代理
  - MATCH,Proxy

Note:Proxy should be replaced with the name of the proxy policy group actually used in your configuration (for example Proxy,zgocloud-wg etc.).

[截图 5：Clash 规则片段，突出显示新增的两行 DST-PORT 规则]

Save the configuration file and reload the configuration in Clash Verge Rev (click the Refresh icon on the Profiles page, or restart Clash).

3.3 Verification results

Try sending emails again after restarting Thunderbird. After following the above steps, the mail should be able to be sent normally.

4. Alternate investigation methods

If it still times out after modification, you can try the following two ways:

4.1 Set up SOCKS5 proxy directly in Thunderbird

Bypassing Clash’s rule split, forcing Thunderbird to go through the proxy.

• Open Thunderbird settings → General → bottom Network Settings → Settings…
• Select manual proxy configuration
• socks host: 127.0.0.1, port: Socks5 port of Clash (usually 7897)
• Check Proxy DNS when using socks v5
• Determine and restart Thunderbird.

If this method can be successfully sent, it means that wstunnel and wireguard itself are no problem, the problem is only in the Clash rules. It should be checked whether the rule order or policy group names are correct. I have had a configuration before, manually configure the agent, refer to:Ubuntu 26.04 Mail Client Tossing Notes: From NetEase Mailbox Master to Thunderbird, add 8 mailboxes in one go

4.2 Check the port forwarding range of wstunnel

Only the Wireguard port is specified in some wstunnel startup commands (such as 51820) forwarding, causing other ports (such as 587,465) cannot reach the remote server.

Check if your wstunnel startup parameters limit port forwarding. Normally, the default configuration will forward all TCP ports. If necessary, modify the wstunnel startup command to remove port restrictions.

5. Summary

The root cause of this problem is The Clash split rule does not contain mail ports, causing Thunderbird’s SMTP traffic to go straight. The solution is also very direct: in the Clash rules rules Partially add:

- DST-PORT,587,Proxy
- DST-PORT,465,Proxy

This idea also applies to proxy problems for other non-HTTP protocols (such as SSH, games, app store updates, etc.) – just find the corresponding port and add it to the proxy rules.

Environmental reference: Ubuntu 26.04 + Thunderbird 151.0.1 + Clash Verge Rev + self-built WSTUnnel/Wireguard scheme.

Refuse to toss | Exclusive WireGuard VPN generation service

This channel has long measured various network optimization plans.The self-use line has been running continuously and steadily for more than 1 month, and there is no disconnection record in the whole process. If you don’t want to step on the pit and toss the complicated server and protocol configuration repeatedly, please contact me for an exclusive solution.

Service content:
✅ Remote construction: Deploy a dedicated VPN on your own server, complete data control, once and for all.
✅ Free trial benefits: New users can applyFree trial for a month of my self-built node, to experience the ultimate stability and speed.
✅ Effect guarantee: Deeply optimize the shunting rules to completely solve the problem of stuck and connection timeouts in daily use.

Contact:
Telegram: @shuijingwan
WeChat: 13980074657
Mailbox:shuijingwanwq@gmail.com