claws_mail_leaks_plaintext_to_imap.mdwn 6.95 KB
[[!meta date="Thu, 07 May 2015 12:34:56 +0000"]]
[[!meta title="Claws Mail leaks plaintext of encrypted emails to IMAP server"]]
[[!pagetemplate template="news.tmpl"]]

[[!tag security/fixed]]

We discovered that *Claws Mail*, the email client in Tails, stores
plaintext copies of all emails on the remote IMAP server, including
those that are meant to be encrypted.

  - When sending an email, *Claws Mail* copies the email in plaintext to
    the sending queue of the IMAP server before encrypting the email.
    *Claws Mail* deletes this plaintext copy after sending the email.
  - *Claws Mail* saves drafts in plaintext on the server. An email can be
    saved as a draft either:
    - Manually by clicking on the **Draft** button when composing an email.
    - Automatically if you selected the **automatically save message to
      Draft folder** option in the writing preferences. This option is
      deselected by default in Tails.

**All users of *Claws Mail* using IMAP and its OpenPGP plug-in are affected.**

Users of *Claws Mail* using POP are not affected.

<div class="tip">

To know if you are using IMAP or POP, choose <span class="menuchoice">
<span class="guimenu">Configuration</span>&nbsp;▸
<span class="guimenuitem">Edit accounts&hellip;</span></span> and refer
to the <span class="guilabel">Protocol</span> column in the list of
accounts.

</div>

Unfortunately, we were not yet able to fix the problem automatically and
for everybody. This would require either modifying *Claws Mail* or
migrating to a different application. Refer to the workarounds section to
solve this problem in your setup and please warn others around you.

[[!toc levels=2]]

Workarounds
===========

Verify the content of your **Drafts** folder
--------------------------------------------

First of all, verify the content of the **Drafts** folder on the server,
either through *Claws Mail* or through the web
interface of your email provider. Delete any plaintext email that might
have been stored against your will in this folder until now.

Then apply one of the other two workarounds to prevent more leaks in the future.
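The following Python script is an added example; it is not part of the original Tails page nor of *Claws Mail*. It automates the check above: it classifies each message as OpenPGP-encrypted (PGP/MIME as in RFC 3156, or inline ASCII-armored) or plaintext, and the optional `scan_imap_folders` helper runs that classifier over the **Drafts** and **Queue** folders of an IMAP account, the two places where plaintext copies are described on this page. The folder names, the IMAPS connection details and the three sample messages are assumptions constructed for the example.

```python
"""Audit IMAP Drafts/Queue folders for messages that are not OpenPGP-encrypted.

Added example, not code from Tails or Claws Mail. Folder names and server
details are assumptions; the sample messages below are constructed.
"""
import email
import imaplib
from email import policy
from typing import Dict, List

PGP_ARMOR_HEADER = "-----BEGIN PGP MESSAGE-----"


def is_pgp_encrypted(raw: bytes) -> bool:
    """Return True if the RFC 822 message looks OpenPGP-encrypted.

    Two forms are recognised: PGP/MIME (multipart/encrypted with
    protocol="application/pgp-encrypted") and inline PGP, where every text
    part starts with an ASCII-armored PGP message. Anything else is treated
    as plaintext, so an unrecognised message is reported rather than missed.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/encrypted":
        proto = msg.get_param("protocol", "") or ""
        if proto.lower() == "application/pgp-encrypted":
            return True
    text_parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    if not text_parts:
        return False  # no readable body to judge; flag it for review
    return all(
        (p.get_content() or "").lstrip().startswith(PGP_ARMOR_HEADER)
        for p in text_parts
    )


def find_plaintext(messages: Dict[str, bytes]) -> List[str]:
    """Return the IDs of the messages that are NOT encrypted."""
    return [uid for uid, raw in messages.items() if not is_pgp_encrypted(raw)]


def scan_imap_folders(host: str, user: str, password: str,
                      folders=("Drafts", "Queue")) -> Dict[str, List[str]]:
    """Connect over IMAPS and return {folder: [UIDs of plaintext messages]}.

    Hypothetical usage (not exercised here): folders are opened read-only,
    so the audit itself never modifies or deletes anything on the server.
    """
    found: Dict[str, List[str]] = {}
    with imaplib.IMAP4_SSL(host) as conn:
        conn.login(user, password)
        for folder in folders:
            status, _ = conn.select(folder, readonly=True)
            if status != "OK":
                continue  # folder does not exist on this server
            _, data = conn.uid("search", None, "ALL")
            msgs: Dict[str, bytes] = {}
            for uid in data[0].split():
                _, fetched = conn.uid("fetch", uid, "(RFC822)")
                msgs[uid.decode()] = fetched[0][1]
            found[folder] = find_plaintext(msgs)
    return found


# Constructed sample messages (not real mail).
SAMPLE_PLAINTEXT = (
    b"From: alice@example.org\r\nTo: bob@example.org\r\n"
    b"Subject: draft\r\nContent-Type: text/plain; charset=us-ascii\r\n\r\n"
    b"Meeting notes, not meant to leave the client unencrypted.\r\n"
)
SAMPLE_INLINE_PGP = (
    b"From: alice@example.org\r\nTo: bob@example.org\r\n"
    b"Subject: sent\r\nContent-Type: text/plain; charset=us-ascii\r\n\r\n"
    b"-----BEGIN PGP MESSAGE-----\r\n\r\n(armored ciphertext placeholder)\r\n"
    b"-----END PGP MESSAGE-----\r\n"
)
SAMPLE_PGP_MIME = (
    b"From: alice@example.org\r\nTo: bob@example.org\r\nSubject: sent\r\n"
    b'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; '
    b'boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: application/pgp-encrypted\r\n\r\nVersion: 1\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n\r\n"
    b"-----BEGIN PGP MESSAGE-----\r\n\r\n(armored ciphertext placeholder)\r\n"
    b"-----END PGP MESSAGE-----\r\n--b1--\r\n"
)

if __name__ == "__main__":
    samples = {"1": SAMPLE_PLAINTEXT, "2": SAMPLE_PGP_MIME, "3": SAMPLE_INLINE_PGP}
    print("plaintext message IDs:", find_plaintext(samples))
```

Run the file as-is to see the classifier on the three constructed samples; to audit a real account, call `scan_imap_folders("imap.example.org", "user", "password")` and delete the reported messages by hand, as the workaround above describes.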

Use POP instead of IMAP
-----------------------

*Claws Mail* can connect to the email server using either the IMAP or POP
protocol.

  - With IMAP, *Claws Mail* constantly synchronizes with the server and
    displays the emails and folders that are currently stored on the
    server. IMAP is better suited if you access your emails from
    different operating systems.
  - With POP, *Claws Mail* downloads the emails that are in the inbox
    on the server and possibly removes them from the server. POP is
    better suited if you access emails from Tails only and store them in
    the persistent volume.

To know more, see also this Yahoo! Help page on [comparing the
differences between POP and
IMAP](https://help.yahoo.com/kb/mail-for-desktop/compare-differences-pop-imap-sln3769.html).

POP is not affected at all by this security problem. When using POP,
only encrypted emails are sent to the server. So consider switching to
POP if you have an email account dedicated to your activities on Tails.
To do so:

1. Choose **File**&nbsp;▸ **Add mailbox**&nbsp;▸ **MH&hellip;** to
create a local mailbox into which your emails will be downloaded.

1. To store the mailbox in the persistent volume, specify
<span class="command">.claws-mail/Mail</span> as location.
Make sure to type the <span class="command">.</span> before
<span class="command">claws-mail/Mail</span>.

   [[!img claws_mail_leaks_plaintext_to_imap/add_mailbox.png link="no"]]

1. Choose **Configuration**&nbsp;▸ **Edit accounts&hellip;**, select
your IMAP account in the list of accounts, and click **Delete** to
delete it. Doing so does not delete any email stored on the server.

1. Click **New** and configure this new account as specified by your
email provider.

   - In the **Basic** tab, make sure that the **Protocol** option is set
     to **POP3**.
   - In the **Receive** tab, click on the **Browse** button of the
     **Default Inbox** option and select the **Inbox** folder of the
     mailbox that you created in step 2.

     [[!img claws_mail_leaks_plaintext_to_imap/select_inbox.png link="no"]]

   - If you want to keep a copy of the received emails on the server,
     verify the preferences in the **Receive** tab. We recommend that you
     disable the **Remove messages on server when received** option
     until you make sure that the emails are stored in the persistent
     volume.

1. Close the preferences dialog and the list of accounts to go back to
the main window of *Claws Mail*.

1. Click on the **Get Mail** button to download all emails from the
inbox on the server. Emails in other folders are not downloaded.

Use local **Drafts** and **Queue** folders
------------------------------------------

If you want to continue using IMAP, you should configure your IMAP
account to use **Drafts** and **Queue** folders stored in Tails instead
of on the server. To do so:

1. Choose **Add mailbox**&nbsp;▸ **MH&hellip;** to create a local
mailbox in which to save your drafts and queued emails.

1. To store the mailbox in the persistent volume, specify
<span class="command">.claws-mail/Mail</span> as location.
Make sure to type the <span class="command">.</span> before
<span class="command">claws-mail/Mail</span>.

   [[!img claws_mail_leaks_plaintext_to_imap/add_mailbox.png link="no"]]

1. Choose **Configuration**&nbsp;▸ **Edit accounts&hellip;**, select
your IMAP account in the list of accounts, and click **Edit** to edit
its preferences.

1. Select **Advanced** in the left pane.

1. Select the **Put queued messages in** option, click **Browse**, and
select the **Queue** folder of the **MH** mailbox.

1. Select the **Put draft messages in** option, click **Browse**, and
select the **Drafts** folder of the **MH** mailbox.

[[!img claws_mail_leaks_plaintext_to_imap/local_folders.png link="no"]]

Long term solution
==================

As for the possible long term solutions to this problem, we are
considering:

- Getting the development team of *Claws Mail* to [fix the problem upstream](http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965).
  We have already contacted them about this problem. Please help them
  provide a technical solution if you can.

- Replacing *Claws Mail* with *Icedove* (the name of *Mozilla Thunderbird* in
  Debian). We have been willing to do so for years and this problem
  motivates us to move faster.

Technical details
=================

Leak through the sending queue
------------------------------

When sending an email from an IMAP account, *Claws Mail* does the following:

  1. It connects to the IMAP server and stores a plaintext copy of the
  email in the **Queue** folder on the server.

  1. It encrypts the email locally.

  1. It sends the encrypted email through the SMTP server.

  1. It connects to the IMAP server and stores an encrypted copy of the
  email in the **Sent** folder on the server.

  1. It connects to the IMAP server and deletes the plaintext email
  saved in step 1 from the **Queue** folder.