The translation is temporarily closed for contributions due to maintenance, please come back later.
The translation was automatically locked due to following alerts: Could not merge the repository.
English Turkish
[[!meta date="Thu, 07 May 2015 12:34:56 +0000"]]
[[!meta title="Claws Mail leaks plaintext of encrypted emails to IMAP server"]]
[[!pagetemplate template="news.tmpl"]]
[[!pagetemplate template="news.tmpl"]]
[[!tag security/fixed]]
[[!tag security/fixed]]
We discovered that *Claws Mail*, the email client in Tails, stores plaintext copies of all emails on the remote IMAP server, including those that are meant to be encrypted.
When sending an email, *Claws Mail* copies the email in plaintext to the sending queue of the IMAP server before encrypting the email. *Claws Mail* deletes this plaintext copy after sending the email.
*Claws Mail* drafts in plaintext on the server. An email can be saved as draft either:
Manually by clicking on the **Draft** button when composing an email.
Automatically if you selected the **automatically save message to Draft folder** option in the writing preferences. This option is deselected by default in Tails.
**All users of *Claws Mail* using IMAP and its OpenPGP plug-in are affected.**
Users of *Claws Mail* using POP are not affected.
<div class="tip">
<div class="tip">
To know if you are using IMAP or POP, choose <span class="menuchoice">
<span class="guimenu">Configuration</span>&nbsp;▸
<span class="guimenuitem">Edit accounts&hellip;</span></span> and refer
to the <span class="guilabel">Protocol</span> column in the list of
accounts.
</div>
</div>
Unfortunately, we were not yet able to fix the problem automatically and for everybody. This would require to either modify *Claws Mail* or to migrate to a different application. Refer to the workarounds section to solve this problem in your setup and please warn others around you.
[[!toc levels=2]]
[[!toc levels=2]]
Workarounds
Verify the content of your **Drafts** folder
First of all, verify the content of the **Drafts** folder on the server, either through *Claws Mail* or through the web interface of your email provider. Delete any plaintext email that might have been stored against your will in this folder until now.
Then apply one of the other two workarounds to prevent more leaks in the future.