Android cannot delete emails from IMAP server

I’ve been having an odd problem with being unable to delete emails from the Inbox of my self-hosted email account from my Android phone, using the Gmail app, using IMAP. When I would delete a message, a copy would be created in the Trash folder, but the original would remain in the inbox – when viewed from webmail. When I refreshed the inbox, the original would reappear on my phone.

At first, I thought the problem was permissions on /var/mail – so I did various changes such as chmod 1775, but to no avail.

I then remembered that I had recently re-setup my mail account on my phone, and realized that maybe it wasn’t using IMAP previously. So, I deleted the account, set it up again as POP3, and enabled server-side deletion. It worked!

It turns out that most mobile IMAP clients do not support the ability to achieve true server-side deletion. Using POP3 is an easy alternative and there is no harm. Yes, POP3 is an outdated and cruddy protocol, but in the end, it works.

Postfix: TLS is required, but our TLS engine is unavailable

Recently, emails sent from my Postfix mail server to my Gmail account were getting tagged as ‘insecure’. Come to find out, they were no longer sending with TLS. They were defaulting back to open SMTP over port 25. Why? Because Debian’s ca-certificates.crt had updated and that removed the CA needed to make my site’s certificate valid – and I use that same certificate to encrypt my TLS SMTP traffic.

First, to diagnose the problem, I forced TLS in my main.cf and turned on TLS logging with the following settings:

smtp_enforce_tls=yes
smtp_tls_loglevel=1

I then restarted Postfix with:

sudo service postfix restart

After restarting, Postfix provides the following error in its logs when attempting to send email:

TLS is required, but our TLS engine is unavailable

Earlier in the log file, it indicates a failure to load the CA file that validates the cert and key files. So, here’s the solution:

  1. Make sure your cert and CA files are located in /etc/ssl/certs
  2. Run the following command: sudo update-ca-certificates –fresh
  3. Then go to your Postfix main.cf and verify the following lines are there (and comment out any conflicting lines):
     smtpd_use_tls=yes
     smtp_use_tls=yes
     smtpd_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
     smtpd_tls_cert_file=/etc/ssl/certs/YOUR_CERT.crt
     smtpd_tls_key_file=/etc/ssl/YOUR_PRIVATE_KEY.key
     smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
     smtp_tls_key_file=/etc/ssl/YOUR_PRIVATE_KEY.key
     smtp_tls_cert_file=/etc/ssl/certs/YOUR_CERT.crt
     smtpd_tls_security_level=encrypt
     smtp_tls_security_level=encrypt
  4. Restart the Postfix service again.
  5. Send an email to an @gmail.com address – you should no longer see the unlocked icon under the sender information.