From MozillaZine Knowledge Base
You can create a new account by pressing the Add Mail Account button in Tools -> Account Settings -> Account Actions. All you need to know is your email address and password, it will configure the account settings for you. It defaults to a IMAP account but you can tell it to use a POP account instead using a radio button. If you don't want it to automatically configure your account press the "Manual Config" button in the second screen of "Mail Account Setup".
After you create the POP/IMAP account in Thunderbird enable using the POP or IMAP server with your account by:
If you're using the same Gmail POP account with multiple email clients you need to enable recent mode in order to let each email client access all of the messages in that account. You can do that by replacing email@example.com with recent:firstname.lastname@example.org as the username in Tools -> Account Settings -> Server Settings.
Using OAuth2 for "secure authentication" will popup a window for your password using your systems default browser. It requires cookies to be enabled for google.com. It creates a token that will be used as if it was a stored password, by the password wizard. You can use a normal password instead for "secure authentication". However, unless you log into https://www.google.com/settings/security/lesssecureapps using a browser and select Allow to let less secure apps access your Google account Gmail may return an error when you try to login if you haven't had the Gmail account for at least 90 days. They have changed the error message several times. Currently it should look something like: "Sending of password for user XYZ did not succeed. Mail server pop.gmail.com responded: Web login required: https://support.google.com/mail/answer/78754". 
Using a password is just as secure as OAuth2, except for the possibility for somebody to use Tools -> Options -> Security -> Passwords -> Saved Passwords to view your saved password. This is really just an attempt to increase use of OAuth2, which supports their business plan by supporting logging into third party web sites such as Facebook or Twitter without exposing the users password. After a while some other email providers such as Yahoo have started doing the same thing to encourage people to use their apps or webmail (instead of a 3rd party email client).
If you get a popup later on after things have been working that you have to sign in to the Google account again, and then a "cookies disabled" web page you need to either enable cookies in Tools -> Options -> Privacy -> Web Content or add an exception for Google. 
The account wizard sometimes uses googlemail.com instead of gmail.com in the server names. They're equivalent. Gmail is rebranded as Google Mail in Germany, Austria and the United Kingdom.
If you use the Gmail SMTP server with a different account it will replace the From: address with your Gmail accounts email address unless you add the email address in the Gmail web page at Setting -> Accounts -> "Add another email address"
Set tools -> account settings -> server settings -> advanced -> IMAP server directory to [Gmail] to fix problems with how it lists folders in the folder pane.
Don't configure Thunderbird to save a copy of any messages you send in tools -> account settings -> copies & folders. Gmail's SMTP server automatically saves a copy of any message you send in the Sent Items folder for you.
The SMTP server also supports using port 465 with SSL/TLS. 
Subscriptions control whether an IMAP folder is visible in the folder pane (and any lists of folders). If it is cluttered with folders you don't normally use, you might want to hide some by unsubscribing them. You won't be notified of new mail in unsubscribed folders.
You can subscribe or unsubscribe a folder by:
You can also use the Subscribe and Unsubscribe buttons in that menu. If View -> Folders is set to Unified instead of All, right click on the accounts name underneath the (unified) inbox at the top of the folder pane since that view displays the inbox folder differently.
Gmail IMAP accounts have a All Mail folder which tracks every message. This is an artifact of how Gmail implemented labels, not a Thunderbird quirk. That folder is also used as the archive folder.
Tools -> Account Settings -> Gmail -> Synchronization & Storage -> Advanced is configured to keep a local copy of all IMAP folders on your hard disk. From a performance point of view you may wish to unsubscribe All Mail. (Note: Prior to version 17, being subscribed to All Mail folder doubles the amount of disk space used by Thunderbird to store your Gmail account ,and may cause some problems. Nowever, starting with version 17, with fixed bug 721316 only ONE copy of every newly downloaded message is kept on disk, so there is no need to unsubcribe from a storage point of view.) The safe way to unsubscribe and free the related disk space is:
If you have multiple Gmail IMAP accounts some of the directories will have a numeric prefix such as imap.gmail-1.com. Look at the "Local Directory" setting at the bottom of the Tools -> Account Settings -> account_name -> Server Settings (by the browse button) to find the name of that account's directory.
Less Secure Apps
Google is trying to push email clients to either use two factor authentication or OAuth2, rather than simply logging in with POP/IMAP/SMTP using your username/password. They are doing this by gradually increasing the number of times they prevent a email client from logging in with a password, claiming they did that because the email client was not secure enough. This is not limited to Thunderbird, it occurs with almost any email client. It has nothing to do with whether the email client is using the latest version of SSL/TLS or Perfect Forward Secrecy, its strictly an authentication issue. If you run into this your Gmail account may either appear to hang, you get some type of “Password incorrect” error or you get a error message roughly like:
We recently blocked a sign-in attempt to your Google Account [XXXX@gmail.com]. If this was you you can switch to an app made by Google such as Gmail to access your account (recommended) or change your settings at https://www.google.com/settings/security/lesssecureapps so that your account is no longer protected by modern security standards. To learn more, see https://support.google.com/accounts/answer/6009563
If you keep using the same TCP-IP address for your PC/laptop you are usually okay. If you run into this problem log into https://www.google.com/settings/security/lesssecureapps using a browser and select “Allow” to let less secure apps access your Google account. 
Why does Google call Thunderbird “less secure”? has some useful comments such as "OAuth is more secure because it only need to decrypt the keyring (i.e. passwords in plain text) for the very short duration while you authorize the mail agent, this is true whether you do the authentication in browser or if the mail software itself supports inbuilt OAuth authorization." Bypassing Googles two factor authentication and Google-jacking: A review of Google's 2-Factor Authentication discusses some of the risks of how they implemented two factor authentication.
Troubleshooting and Gmail quirks
Gmail treats POP and IMAP messages individually and not as a threaded conversation.
The IMAP folders correspond to the labels in Gmail's webmail. IMAP folder hierarchy is represented by "/" in Gmail's label. e.g. IMAP subfolder XYZ under ABC is mapped to label of ABC/XYZ(maximum length=40 bytes). However, mapping of IMAP folder to Gmail's folder or label at Web interface is special on some special folders.
If you look at the All Mail folder([Gmail]/All Mail of IMAP) using Gmails webmail it will label any IMAP messages with the name of the folder. If you delete a message in Thunderbird it simply removes that folder's label from the message. Compacting the folder doesn't remove the message from the All Mail folder([Gmail]/All Mail of IMAP). You need to move it to the Trash or Spam folder([Gmail]/All Mail or [Gmail]/Spam of IMAP) to delete the message from all folders. It's not clear yet if this is also true for Message aging. Moving back of mail in [Gmail]/All Mail of IMAP to any IMAP mail folder(except [Gmail]/Spam) restores all Gmail's label.
A single copy of each message is stored in the account, and if the messages has multiple labels there are pointers to that copy, a change introduced in version 17.0.2 by bug 721316. (Prior to version 17.0.2 a copy of a message is stored for each label. That means if you assign two labels to a message and star it using Gmails webmail it has a copy in two folders named after the label, the All Mail folder, and the Starred folder.) If you copy a message to multiple remote folders (using Thunderbird) it will be marked with the corresponding labels when viewed using Gmail webmail.
If you move a message into the Spam folder, it is treated the same as if you had reported it in Gmail webmail using 'Report Spam'. See How do actions sync in IMAP? on Gmails web site for more information on how it maps things.
Gmail recommends that you do not use [Gmail]/Trash as your Trash folder since Gmail only keeps a single copy of a message with multiple labels. If you delete a message that way you're also telling it to delete the same message from any other folder (label) that has that message.  Gmail recommends not making Thunderbird move deleted mail into any folder and instead choose "Just mark it as deleted" from "When I delete a message" in Account Settings -> Server Settings.
Gmail supports plus-addressing, a useful way to create a disposable email address. Let's say your email address is JohnSmith@gmail.com and you need to give the xyzzy website an email address. If you give them JohnSmithemail@example.com, it will still be delivered to your inbox, despite the To: header having an extra "+xyzzy". If somebody starts sending spam to that email address, you could create a message filter that tests for xyzzy in the To: header and automatically delete (or move to the Junk mail folder) those messages when checking for new mail. Some email systems violate RFC 2822 and won't send a message using plus addressing, but it is normally not a problem.
Gmail supports a way to periodically fetch email from up to five POP accounts and merge them into your inbox. The POP accounts could be provided by Gmail or another email provider. It works with Thunderbird, but you have to configure mail fetcherusing Gmail webmail.
Two step verification
The Google Account help advocates using two step authentication. That sends a code (a minimum of once a month but ideally every time you log in) to your cell phone that you need to enter when logging in using a browser. However applications such as email clients can't do that. If you configure two step verification you need to create an application specific password for Thunderbird that you use instead of the normal password. The application specific password doesn't change when a new code is sent to your cell phone. If you created a application specific password, you use it for a while, and later on its rejected, forcing you to create another one, try deleting all google cookies using Tools -> Options -> Privacy -> Show Cookies, exit and restart Thunderbird. 
Two step verification is not needed, and not recommended. Use a strong password, and don't use the same password with other email providers/web sites, instead. However, if you have another email account it is a good idea to set a recovery email address in case you ever forget/lose your password.
Gmail supports the CardDAV protocol (an address book client/server protocol designed to allow users to access and share contact data on a server). Currently the SoGo connector add-on is the best way to add CardDav support to Thunderbird. However, it has a reputation as being buggy and having poor support. There is a bug report requesting built-in support for CardDAV. The address book is being completely redesigned and will include support for multiple contact providers. Based on this blog post it looks like that will eventually include support for CardDAV. See this forum thread for information on other alternatives.
Gmail does not provide a LDAP server. LDAP is another protocol to access contact data. Thunderbird has built-in support for creating an address book that uses a LDAP server, but no support for modifying its contacts. You used to be able to use GCALDaemon to provide a the equivalent of a Gmail LDAP server, but it used the deprecated GData API, and doesn't work anymore.
Most people use the free version of Gmail. There is a commercial version of Gmail called G Suite. It used to be called "Google Apps for Your Domain". The main difference is that it has higher limits and is designed for companies that want to use their own domain in the email address. There is also another free version of Gmail called Inbox by Gmail that has a alternative user interface that has more of a focus on automatically classifying the content. Its available as a iOS or Android app or webmail (https://inbox.google.com/) . The app appears to be just another front end to a Gmail account, using the same mail servers.