English Serbian (latin)
[[!meta date="Thu, 07 May 2015 12:34:56 +0000"]]
[[!meta title="Claws Mail leaks plaintext of encrypted emails to IMAP server"]]
[[!tag security/fixed]]
We discovered that *Claws Mail*, the email client in Tails, stores plaintext copies of all emails on the remote IMAP server, including those that are meant to be encrypted.
When sending an email, *Claws Mail* copies the email in plaintext to the sending queue of the IMAP server before encrypting the email. *Claws Mail* deletes this plaintext copy after sending the email.
*Claws Mail* drafts in plaintext on the server. An email can be saved as draft either:
Manually by clicking on the **Draft** button when composing an email.
Automatically if you selected the **automatically save message to Draft folder** option in the writing preferences. This option is deselected by default in Tails.
**All users of *Claws Mail* using IMAP and its OpenPGP plug-in are affected.**
Users of *Claws Mail* using POP are not affected.
To know if you are using IMAP or POP, choose <span class="menuchoice">
<span class="guimenu">Configuration</span>&nbsp;▸
<span class="guimenuitem">Edit accounts&hellip;</span></span> and refer
to the <span class="guilabel">Protocol</span> column in the list of
Unfortunately, we were not yet able to fix the problem automatically and for everybody. This would require to either modify *Claws Mail* or to migrate to a different application. Refer to the workarounds section to solve this problem in your setup and please warn others around you.
[[!toc levels=2]]
Verify the content of your **Drafts** folder
First of all, verify the content of the **Drafts** folder on the server, either through *Claws Mail* or through the web interface of your email provider. Delete any plaintext email that might have been stored against your will in this folder until now.
Then apply one of the other two workarounds to prevent more leaks in the future.
Use POP instead of IMAP
*Claws Mail* can connect to the email server using either the IMAP or POP