Solved

Problem with messages being sent from mailbox appear to be encrypted.

Posted on 2007-11-26
11
337 Views
Last Modified: 2013-11-16
I have a problem where occassionally a message well be sent by different users on different computers and it will come through almost like it is encrypted. Some messages are fine, others appear to be all characters and can not be read. I know that the user did not intend to encrypt or would be able to encrypt the message on their own. It happens only with some messages. Below is an example of the message.

Thanks in advance,
Steve

Cg0KDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBUb20gU3BvbGV0aW5pIFtt
YWlsdG86dG9tc3BvbGV0aW5pQHNwb2x1bWJvcy5jb21dDQpTZW50OiBNb25kYXksIE5vdmVtYmVy
IDI2LCAyMDA3IDg6MzkgQU0NClRvOiAnU3RldmUgQ2xhZXJob3V0Jw0KU3ViamVjdDogUkU6IFBy
aW50ZXIgRGltZW5zaW9ucw0KDQoNClRoZSBraWRzIGludGVybmV0IHdvcmtzIGFuZCB0aGVyZSBp
cyBubyBjYWJsZSBkaXNjb25uZWN0ZWQsIG5vIGJpZyBkZWFsIHdoZW4NCnRoZSBwcmludGVyIGlz
IGluIEkgc3VyZSB5b3Ugd2lsbCBmaWd1cmUgaXQgb3V0LiBUT00NCg0KLS0tLS1PcmlnaW5hbCBN
ZXNzYWdlLS0tLS0NCkZyb206IFN0ZXZlIENsYWVyaG91dCBbbWFpbHRvOnN0ZXZlQGNsYWVyY29t
LmNvbV0NClNlbnQ6IFN1bmRheSwgTm92ZW1iZXIgMjUsIDIwMDcgMTI6NDIgUE0NClRvOiB0b21z
cG9sZXRpbmlAc3BvbHVtYm9zLmNvbQ0KU3ViamVjdDogUmU6IFByaW50ZXIgRGltZW5zaW9ucw0K
DQoNCk5vdCBzdXJlIGlmIFRvbW15IGFuZCBTdGVmYW5uYSdzIGludGVybmV0IHdvcmtzIG9yIGlm
IENyYWlnIGNoYW5nZWQNCnNvbWV0aGluZyBpbiB5b3VyIG9mZmljZT8NCg0KRG9lcyBpdCBzYXkg
YW55dGhpbmcgYnkgdGhlIGNsb2NrIGFib3V0IGEgY2FibGUgYmVpbmcgZGlzY29ubmVjdGVkPw0K
DQpTdGV2ZQ0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NClNlbnQgdXNpbmcgQmxhY2tCZXJy
eQ0KDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiB0b21zcG9sZXRpbmlAc3Bv
0
Comment
Question by:steve90ttz
  • 6
  • 4
11 Comments
 
LVL 6

Expert Comment

by:dworlton
Comment Utility
Well this is not an encrypted text. It is simply encoded to base64, which is normal. Copy this to http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/Default.aspx to see what the message said. It came up fine for me, which guarantees nothing other than plain old base64 encoding. Generally the mail client should already know that it is encoded and decode the message. Can you send the message headers that came with this message? I am wondering whether the headers properly describe the e-mail's content.
0
 
LVL 1

Author Comment

by:steve90ttz
Comment Utility
Return-Path: <tomspoletini@spolumbos.com>
Delivery-Date: Mon, 26 Nov 2007 12:17:51 -0500
Received-SPF: none (mxus0: 64.59.128.220 is neither permitted nor denied by domain of spolumbos.com) client-ip=64.59.128.220; envelope-from=tomspoletini@spolumbos.com; helo=bpd2mo2no.prod.shawcable.com;
Received: from bpd2mo2no.prod.shawcable.com (shawmail.shawcable.com [64.59.128.220])
      by mx.perfora.net (node=mxus0) with ESMTP (Nemesis)
      id 0MKoTA-1Iwhah0gEO-0002Fg for steve@claercom.com; Mon, 26 Nov 2007 12:17:51 -0500
Received: from bpd2mi5no.prod.shawcable.com
 (bpd2mi5no-qfe3.prod.shawcable.com [10.0.184.160])
 by bpd2mo2no.prod.shawcable.com
 (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004))
 with ESMTP id <0JS400F78IPLHO50@bpd2mo2no.prod.shawcable.com> for
 steve@claercom.com; Mon, 26 Nov 2007 10:17:45 -0700 (MST)
Received: from mail.spolumbos.com
 (S0106000bdb19c007.cg.shawcable.net [68.144.66.69])
 by bpd2mi5no.prod.shawcable.com
 (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004))
 with ESMTP id <0JS400H8HIPEKZ00@bpd2mi5no.prod.shawcable.com> for
 steve@claercom.com; Mon, 26 Nov 2007 10:17:45 -0700 (MST)
Received: from SP11 ([10.10.1.109])
 by mail.spolumbos.com (Lotus Domino Release 6.0)
 with ESMTP id 2007112610153308-3105 ; Mon, 26 Nov 2007 10:15:33 -0700
Date: Mon, 26 Nov 2007 10:15:11 -0700
From: Tom Spoletini <tomspoletini@spolumbos.com>
Subject: FW: Printer Dimensions
To: steve@claercom.com
Message-id: <000201c8304f$e75fe430$6d010a0a@spolumbos.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
Content-type: text/plain; charset="iso-8859-1Content-Transfer-Encoding:base64"
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
X-MIMETrack: Itemize by SMTP Server on web01/Spolumbos(Release 6.0|September
 26, 2002) at 11/26/2007 10:15:33 AM,
      Serialize by Router on web01/Spolumbos(Release 6.0|September 26,
 2002) at 11/26/2007 10:16:07 AM
X-TM-AS-Product-Ver: <SMD>-<3.0.0.1280>-<3.6.1039>-<14828>
X-TM-AS-Result: <No>-<-9994.182>-<5.0>-<99000>
Envelope-To: steve@claercom.com

0
 
LVL 6

Expert Comment

by:dworlton
Comment Utility
I don't know if there is a copy paste issue on that header, but it seems to coincidental that there is a problem where I thought I would see one. Take a look at the "Content-type:" line. It looks as if you have header information running over and thereby not describing the e-mail correctly. It does state that the Content-Transfer-Encoding is base64 as I suspected, but there is some runover with quotes.

A copy of a header from one of my e-mails looks like:

MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I think yours should read similarly by moving the quotes:

Content-type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding:base64

Or perhaps the quotes should be removed completely. Is it a consistent sender that is causing these problems? Is the sender using a custom e-mail client that isn't handling the headers correctly? Without the header information being intact your client will not know to decode the base64 stream. Any other information you can provide?
0
 
LVL 31

Expert Comment

by:qwaletee
Comment Utility
Actually, I think a agteway of some sort is bonking it. The X-MIMEOLE header tells me that this comes from Office, and that's something I haven't see jumbled by Office.
0
 
LVL 6

Expert Comment

by:dworlton
Comment Utility
Good point. Do you have a new mail system maybe? Or have you had some data corruption issues due to your connection?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 1

Author Comment

by:steve90ttz
Comment Utility
Thanks for the responses. It is being sent from Outlook 2000. Here is a "healthy header" sent by the same sender.

Thanks,
Steve

Return-Path: <tomspoletini@spolumbos.com>
Delivery-Date: Tue, 16 Oct 2007 08:17:23 -0400
Received-SPF: none (mxus1: 64.59.128.220 is neither permitted nor denied by domain of spolumbos.com) client-ip=64.59.128.220; envelope-from=tomspoletini@spolumbos.com; helo=bpd2mo2no.prod.shawcable.com;
Received: from bpd2mo2no.prod.shawcable.com (shawmail.shawcable.com [64.59.128.220])
      by mx.perfora.net (node=mxus1) with ESMTP (Nemesis)
      id 0MKoXI-1IhlMR1vuv-0007bC for steve@claercom.com; Tue, 16 Oct 2007 08:17:23 -0400
Received: from bpd2mi3no.prod.shawcable.com
 (bpd2mi3no-qfe3.prod.shawcable.com [10.0.184.122])
 by bpd2mo2no.prod.shawcable.com
 (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004))
 with ESMTP id <0JQ000KZT7GYQC90@bpd2mo2no.prod.shawcable.com> for
 steve@claercom.com; Tue, 16 Oct 2007 06:17:22 -0600 (MDT)
Received: from mail.spolumbos.com
 (S0106000bdb19c007.cg.shawcable.net [68.144.66.69])
 by bpd2mi3no.prod.shawcable.com
 (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004))
 with ESMTP id <0JQ000D7Q7GX0K00@bpd2mi3no.prod.shawcable.com> for
 steve@claercom.com; Tue, 16 Oct 2007 06:17:22 -0600 (MDT)
Received: from SP11 ([10.10.1.109])
 by mail.spolumbos.com (Lotus Domino Release 6.0)
 with ESMTP id 2007101606155645-4906 ; Tue, 16 Oct 2007 06:15:56 -0600
Date: Tue, 16 Oct 2007 06:15:30 -0600
From: Tom Spoletini <tomspoletini@spolumbos.com>
Subject: RE: Claercom Availability Notice
In-reply-to: <021701c80fb3$245df880$6d19e980$@com>
To: 'Steve Claerhout' <steve@claercom.com>
Message-id: <004001c80fee$3f5187c0$6d010a0a@spolumbos.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
Content-type: multipart/related;
 boundary="----=_NextPart_000_0041_01C80FBB.F4B717C0"
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
X-MIMETrack: Itemize by SMTP Server on web01/Spolumbos(Release 6.0|September
 26, 2002) at 10/16/2007 06:15:56 AM,
      Serialize by Router on web01/Spolumbos(Release 6.0|September 26,
 2002) at 10/16/2007 06:15:57 AM
X-TM-AS-Product-Ver: <SMD>-<3.0.0.1280>-<3.6.1039>-<14828>
X-TM-AS-Result: <No>-<-10016.445>-<5.0>-<99000>
Envelope-To: steve@claercom.com

0
 
LVL 6

Accepted Solution

by:
dworlton earned 250 total points
Comment Utility
Well, you have a different content type now, so it isn't being encoded to base64. The sender has switched from plain-text to rich text or html. Have the sender try sending a new e-mail as plaintext, and the same e-mail converted to richtext or html. Do any of these come across poorly? Also, I noticed that part of the message was from a blackberry user, perhaps that user forced the plaintext instead of html or richtext? Is a blackberry device a common element in the poorly encoded messages? In any case plaintext e-mails should be coming across fine. If plaintext consistently comes across bad then we have a good starting point for investigation.
0
 
LVL 1

Author Comment

by:steve90ttz
Comment Utility
After doing more research with the help of everyone above, it does appear to be a problem with how the message is formatted. New messages are always fine and the user's outlook was set to Rich Text by default. Replies is where the problem lies. If it gets switched to plain text, the message comes through "corrupted". If you manually switch it to Rrich Text or HTML it is fine. What do you think I should do as the next step? Use word as the default editor and set it to HTML?

Thanks for all the help and sorry for the delay in getting back to the board.
Steve
0
 
LVL 6

Expert Comment

by:dworlton
Comment Utility
That is unusual. You shouldn't have to force Rich Text or HTML for the headers to be created properly. You could try setting word as the default editor, but I would almost say a fresh re-install is in order since a very basic function is not working properly and may be caused by some weird add-on or corrupted file somewhere unseen. Also, I am not sure that changing the e-mail editor is the solution since the problem seems to be in the way the header is formed.

So I guess I would recommend trying the editor change, if that works and you are satisfied, then great. Otherwise, a re-install would be the only other option I can think of (although occasionally there are weird problems with IE cache and other weird anomalies causing problems in Outlook).

Let us know how that goes.
0
 
LVL 1

Author Comment

by:steve90ttz
Comment Utility
The strangest thing about this is that it happens with multiple computers at the site. They are all using Outlook 2000.

Steve
0
 
LVL 6

Expert Comment

by:dworlton
Comment Utility
Any plans to roll out an upgrade in the near future (I believe OL 2000's MS support is almost up, if not already)? If so, now would be a good time to try out a newer version. If not, simply try out the editor and re-install on one of the non-functioning machines. It is odd that more than one computer would have a strange problem like this, but they are all in the same company, so it is not impossible that they all contracted the same problem.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This is an old article, please see an updated version of this article, located here: http://www.experts-exchange.com/articles/23619/Notes-8-5x-Windows-7-Notes-info-and-tips.html
Problem "Can you help me recover my changes?  I double-clicked the attachment, made changes, and then hit Save before closing it.  But when I try to re-open it, my changes are missing!"    Solution This solution opens the Outlook Secure Temp Fold…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now