claws_mail_leaks_plaintext_to_imap.mdwn
[[!meta date="Thu May 7 12:34:56 2015"]]
[[!meta title="Claws Mail leaks plaintext of encrypted emails to IMAP server"]]

We discovered that *Claws Mail*, the email client in Tails, stores
plaintext copies of all emails that are meant to be encrypted on the
remote IMAP server.

  - When sending an email, *Claws Mail* first copies the email in
    plaintext to its **Queue** folder on the IMAP server, and only then
    encrypts it. *Claws Mail* deletes this plaintext copy after sending
    the email, but that deletion does not undo the exposure: the
    plaintext has already been transmitted to and stored by the server.
  - If an email is saved as draft, *Claws Mail* saves the email in
    plaintext on the server. By default in Tails, drafts are not stored
    automatically on the server.

**All users of *Claws Mail* using IMAP and its OpenPGP plug-in are affected.**

Users of *Claws Mail* using POP are not affected.

<div class="tip">

To know if you are using IMAP or POP, choose <span class="menuchoice">
<span class="guimenu">Configuration</span>&nbsp;▸
<span class="guimenuitem">Edit accounts&hellip;</span></span> and refer
to the <span class="guilabel">Protocol</span> column in the list of
accounts.

</div>

Unfortunately, we were not yet able to fix the problem automatically for
everybody. This would likely require either modifying *Claws Mail* or
migrating to a different application. Refer to the workarounds section
to solve this problem in your setup, and please warn others around you.

[[!toc levels=2]]

Workarounds
===========

Verify the content of your **Drafts** folder
--------------------------------------------

First of all, verify the content of the **Drafts** folder on the server,
either through *Claws Mail* directly or, better, through the web
interface of your email provider. Delete any plaintext email that might
have been stored against your will in this folder until now.

Then apply one of the three workarounds below to prevent further leaks.
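A way to perform this check without relying on the mail client's own view of the folders, as an added example that is not part of this advisory or of *Claws Mail*: a Python script using the standard `imaplib` that opens the **Drafts** and **Queue** folders read-only and reports every message that is not OpenPGP-encrypted, that is, neither PGP/MIME (`multipart/encrypted`) nor a body consisting solely of an inline `PGP MESSAGE` armor block. It also covers the **Queue** folder, where the plaintext copy described under the technical details sits while an email is being sent. The folder names, port 993, and the `IMAP_HOST`/`IMAP_USER` environment variables are assumptions; the sample messages are constructed for illustration, not real mail.

```python
#!/usr/bin/env python3
"""Report plaintext (non-OpenPGP) messages in IMAP Drafts and Queue folders.

Added example for this advisory, not code from Tails or Claws Mail.
Assumptions: folder names "Drafts" and "Queue" (adjust to your provider),
IMAPS on port 993, and that a message is "encrypted" only if it is PGP/MIME
or every text part is exactly one inline ASCII-armored PGP MESSAGE block.
"""
import email
import imaplib
import ssl
from email.message import Message
from typing import Iterable, Iterator, List, Tuple

PGP_BEGIN = "-----BEGIN PGP MESSAGE-----"
PGP_END = "-----END PGP MESSAGE-----"


def is_encrypted(msg: Message) -> bool:
    """True only if the message carries no readable plaintext body."""
    if msg.get_content_type() == "multipart/encrypted":
        # PGP/MIME (RFC 3156): the payload lives in an octet-stream part.
        return msg.get_param("protocol") == "application/pgp-encrypted"
    text_parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    if not text_parts:
        return False  # nothing recognisably encrypted: treat as a leak
    for part in text_parts:
        raw = part.get_payload(decode=True) or b""
        body = raw.decode(part.get_content_charset() or "utf-8", "replace").strip()
        # Inline PGP: the whole body must be the armor block. A greeting
        # typed before the armor is plaintext and therefore still a leak.
        if not (body.startswith(PGP_BEGIN) and body.endswith(PGP_END)):
            return False
    return True


def is_encrypted_bytes(raw: bytes) -> bool:
    """Parse a raw RFC 822 message and classify it."""
    return is_encrypted(email.message_from_bytes(raw))


def find_plaintext(messages: Iterable[Tuple[str, bytes]]) -> List[str]:
    """Identifiers of the messages that are NOT encrypted."""
    return [ident for ident, raw in messages if not is_encrypted_bytes(raw)]


def scan_folder(imap: imaplib.IMAP4, folder: str) -> List[str]:
    """UIDs of plaintext messages in `folder`; read-only, nothing marked \\Seen."""
    status, _ = imap.select(f'"{folder}"', readonly=True)
    if status != "OK":
        raise RuntimeError(f"cannot open folder {folder!r}")
    status, data = imap.uid("search", None, "ALL")
    uids = data[0].split() if status == "OK" and data and data[0] else []

    def fetch() -> Iterator[Tuple[str, bytes]]:
        for uid in uids:
            status, parts = imap.uid("fetch", uid, "(BODY.PEEK[])")
            if status == "OK" and parts and isinstance(parts[0], tuple):
                yield uid.decode(), parts[0][1]

    return find_plaintext(fetch())


# Constructed sample messages (not real mail) used to exercise the classifier.
ARMOR = (b"-----BEGIN PGP MESSAGE-----\n\n"
         b"hQEMA5Fakeciphertextforillustrationonly=\n"
         b"-----END PGP MESSAGE-----")
SAMPLE_PLAINTEXT = (b"Subject: meeting\nContent-Type: text/plain; charset=utf-8\n\n"
                    b"Let's meet at 9, same place as last time.\n")
SAMPLE_INLINE_PGP = (b"Subject: meeting\nContent-Type: text/plain; charset=utf-8\n\n"
                     + ARMOR + b"\n")
SAMPLE_PGP_MIME = (
    b"Subject: meeting\n"
    b'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; '
    b'boundary="b1"\n\n'
    b"--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    b"--b1\nContent-Type: application/octet-stream\n\n" + ARMOR + b"\n--b1--\n"
)


def demo() -> List[str]:
    """Classify the constructed samples; only the plaintext one is reported."""
    return find_plaintext([("1", SAMPLE_PLAINTEXT), ("2", SAMPLE_INLINE_PGP),
                           ("3", SAMPLE_PGP_MIME)])


if __name__ == "__main__":
    import getpass
    import os
    print("plaintext samples:", demo())
    host, user = os.environ.get("IMAP_HOST"), os.environ.get("IMAP_USER")
    if host and user:  # live scan only when the (assumed) env vars are set
        ctx = ssl.create_default_context()
        with imaplib.IMAP4_SSL(host, 993, ssl_context=ctx) as imap:
            imap.login(user, getpass.getpass(f"IMAP password for {user}: "))
            for folder in ("Drafts", "Queue"):
                for uid in scan_folder(imap, folder):
                    print(f"PLAINTEXT in {folder}: UID {uid}")
```

Delete every reported message through the web interface of your provider and run the scan again. The classifier is deliberately strict: a draft that contains even one line of greeting before the armor block is reported, because that line is plaintext on the server.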

Use POP instead of IMAP
-----------------------

*Claws Mail* can connect to the email server using either the IMAP or POP
protocol.

  - With IMAP, *Claws Mail* constantly synchronizes with the server and
    displays the emails and folders that are currently stored on the
    server. IMAP is better suited if you access your emails from
    different operating systems.
  - With POP, *Claws Mail* downloads the emails that are in the inbox
    on the server and possibly removes them from the server. POP is
    better suited if you access emails from Tails only and store them in
    the persistent volume.

To know more, see also this Yahoo! Help page on [comparing the
differences between POP and
IMAP](https://help.yahoo.com/kb/mail-for-desktop/compare-differences-pop-imap-sln3769.html).

POP is not affected by this security problem: with POP, drafts and
queued emails stay in local folders on the Tails system, so only the
encrypted email ever leaves the computer, through the SMTP server.
Consider switching to POP if you have an email account dedicated to your
activities on Tails. To do so:

1. Choose **File**&nbsp;▸ **Add mailbox**&nbsp;▸ **MH&hellip;** to
create a local mailbox in which to download your emails.

1. To store the mailbox in the persistent volume, specify
`~/.claws-mail/Mail` as location.

   [[!img add_mailbox.png link="no"]]

1. Choose **Configuration**&nbsp;▸ **Edit accounts&hellip;**, select
your IMAP account in the list of accounts, and click **Delete** to
delete it. Doing so does not delete any email stored on the server.

1. Click **New** and configure this new account as specified by your
email provider.

   - In the **Basic** tab, make sure that the **Protocol** option is set
     to **POP3**.
   - In the **Receive** tab, click on the **Browse** button of the
     **Default Inbox** option and select the **Inbox** folder of the
     mailbox that you created in step 2.

     [[!img select_inbox.png link="no"]]

   - If you want to keep a copy of the received emails on the server,
     verify the preferences in the **Receive** tab. We recommend that
     you disable the **Remove messages on server when received** option
     until you have made sure that the emails are stored in the
     persistent volume.

1. Close the preferences dialog and the list of accounts to go back to
the main window of *Claws Mail*.

1. Click on the **Get Mail** button to download all emails from the
inbox on the server. Emails in other folders are not downloaded.

Use the OpenPGP Applet
----------------------

If you want to continue using IMAP, you can write your emails in the
*gEdit* text editor and encrypt them using *Tails OpenPGP Applet* as
explained in our documentation on [[OpenPGP public-key
cryptography|doc/encryption_and_privacy/gpgapplet/public-key_cryptography]].

### Disable autosaving of drafts

1. Choose **Configuration**&nbsp;▸ **Preferences&hellip;**.

1. Select **Writing** in the left pane.

1. Make sure that the **Automatically save messages to Draft folder**
option is deselected. Click **OK**.

### When writing a new email

1. Write your email in *gEdit*.

1. Encrypt your email using *Tails OpenPGP Applet*.

1. Paste the encrypted version of your email in *Claws Mail*.

### When replying to an email

1. *Claws Mail* decrypts your email automatically.

1. Copy and paste the decrypted version of your email in *gEdit*.

1. Write your reply in *gEdit*.

1. Encrypt your reply using *Tails OpenPGP Applet*.

1. Paste the encrypted version of your email in *Claws Mail*.

Use local **Drafts** and **Queue** folders
------------------------------------------

Instead of using *Tails OpenPGP Applet*, you can configure your IMAP
account to use **Drafts** and **Queue** folders stored in Tails instead
of on the server. To do so:

1. Choose **File**&nbsp;▸ **Add mailbox**&nbsp;▸ **MH&hellip;** to
create a local mailbox in which to save your drafts and queued emails.

1. To store the mailbox in the persistent volume, specify
`~/.claws-mail/Mail` as location.

   [[!img add_mailbox.png link="no"]]

1. Choose **Configuration**&nbsp;▸ **Edit accounts&hellip;**, select
your IMAP account in the list of accounts, and click **Edit** to edit
its preferences.

1. Select **Advanced** in the left pane.

1. Select the **Put queued messages in** option, click **Browse**, and
select the **Queue** folder of the **MH** mailbox.

1. Select the **Put draft messages in** option, click **Browse**, and
select the **Drafts** folder of the **MH** mailbox.

[[!img local_folders.png link="no"]]

Long term solution
==================

As for the possible long term solutions to this problem, we are
considering:

- Getting the development team of *Claws Mail* to [fix the problem
  upstream](http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965)
  and release a security update for Debian. We contacted them about this
  problem already, but please help them provide a technical solution if
  you can.

- Replacing *Claws Mail* with *Icedove* (the name of *Mozilla Thunderbird* in
  Debian). We have been willing to do so for years and this problem
  motivates us to move faster.

Technical details
=================

Leak through the sending queue
------------------------------

When sending an email through IMAP, *Claws Mail* does the following:

  1. It connects to the IMAP server and stores a plaintext copy of the
  email in the **Queue** folder on the server.

  1. It encrypts the email locally.

  1. It sends the encrypted email through the SMTP server.

  1. It connects to the IMAP server and stores an encrypted copy of the
  email in the **Sent** folder on the server.

  1. It connects to the IMAP server and deletes the plaintext email
  saved in step 1 from the **Queue** folder.

Leak of drafts
--------------

When saving a draft, either manually or through the autosaving feature,
the draft is saved in plaintext on the IMAP server. The autosaving
feature is disabled by default in Tails.