Solved

e-mail messages from some senders lose MIME formatting

Posted on 2013-02-06
15
772 Views
Last Modified: 2013-08-25
Several months ago we started getting some e-mail messages where the MIME fomat was lost so that the message content showed the MIME header and all of the tags and coding, with the message hard to find and read.  Also there would be nothing shown in the FROM: TO: and SUBJECT: fields in the mail client (Outlook 2007).  We are running Exchange 2007 SP3, with a Deep6 spam appliance, the Exchange Content Filter and TrendMicro anti-spam mail filter.  The Deep6 appliance only passes or rejects messages based upon a score derived from dns and blacklists.  As far as I know, the Exchange content filter only passes or dumps into a spam mailbox messages based upon it's scoring criteria.  And the TrendMicro just removed the offending attachment, replacing it with a text notice.  As far as I know, none of these systems should modify messages.
Sometimes the content is no longer in the message and instead we get something like the message below (the upper part above the block of apparently random characters is what all of the problem e-mails look like).
----------------------------------------------------------------------------------------------------------------------------
From:
Sent: February 06, 2013 4:08 PM
Subject:

Received: from pat1.int.us.randstad.com ([10.12.3.103]) by
 pat1.us.randstad.com with Microsoft SMTPSVC(7.5.7600.16601);       Wed, 6 Feb 2013
 16:08:07 -0500
Received: from MERCURY.rna.int.us.randstad.com ([fe80::5efe:10.12.3.103%11])  by Mercury.rna.int.us.randstad.com ([fe80::5efe:10.12.3.103%11]) with  Microsoft SMTP Server id 14.02.0318.001; Wed, 6 Feb 2013 16:08:05 -0500
From: Sunnie Rice <Sunnie.Rice@randstadusa.com>
To: Greg Radikopf <greg@rootorg.com>
Subject: Automatic reply: Executive Assistant/Secretary Position
Thread-Topic: Executive Assistant/Secretary Position
Thread-Index: Ac4ErgN/mCYxPAE8RkW1pIP9L3ZotAAAAr7w
Date: Wed, 6 Feb 2013 21:08:05 +0000
Message-ID: <27c172e26ca94a49b80a3dcd1721547d@MERCURY.rna.int.us.randstad.com>
References: <4BC5F83267380F48A558F84C9A9F250F4FC2892F5F@bay.rep.rootorg.net>
In-Reply-To: <4BC5F83267380F48A558F84C9A9F250F4FC2892F5F@bay.rep.rootorg.net>
X-MS-Has-Attach:
X-Auto-Response-Suppress: All
X-MS-Exchange-Inbox-Rules-Loop: Sunnie.Rice@randstadusa.com
X-MS-TNEF-Correlator:
x-tm-as-product-ver: SMEX-10.2.0.2087-7.000.1014-19598.004
x-tm-as-result: No--35.469100-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Return-Path: <>
X-OriginalArrivalTime: 06 Feb 2013 21:08:07.0778 (UTC) FILETIME=[0FE48C20:01CE04AE]
X-MS-Exchange-Organization-OriginalArrivalTime: 06 Feb 2013 21:08:21.2093
 (UTC)
X-MS-Exchange-Organization-AuthSource: bay.rep.rootorg.net
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-PRD: randstadusa.com
X-MS-Exchange-Organization-SenderIdResult: None
Received-SPF: None (bay.rep.rootorg.net: Sunnie.Rice@randstadusa.com does  not designate permitted sender hosts)
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report:
 DV:3.3.5705.600;SID:SenderIDStatus None;OrigIP:10.12.3.103
X-MS-Exchange-Organization-OriginalSize: 2056

77u/DQpJIGFtIGN1cnJlbnRseSBvdXQgb2YgdGhlIG9mZmljZSBvbiBtYXRlcm5pdHkgbGVhdmUu
ICBJbiBteSBhYnNlbmNlIHBsZWFzZSBlLW1haWw6DQoNCkthdGh5IEhhbHRlciwga2F0aHJ5bi5o
YWx0ZXJAcmFuZHN0YWR1c2EuY29tPG1haWx0bzprYXRocnluLmhhbHRlckByYW5kc3RhZHVzYS5j
b20+LCBMZXNsaWUgVmVpZ2EsIGxlc2xpZS52ZWlnYUByYW5kc3RhZHVzYS5jb208bWFpbHRv
b20+Omxl
c2xpZS52ZWlnYUByYW5kc3RhZHVzYS5jb20+IG9yDQpHaW5ueSBGYXJyZW5zLCBnaW5ueS5m
c2xpZS52ZWlnYUByYW5kc3RhZHVzYS5jb20+YXJy
ZW5zQHJhbmRzdGFkdXNhLmNvbQ0KDQpTaG91bGQgeW91IHJlcXVpcmUgaW1tZWRpYXRlIGFzc2lz
dGFuY2UsIHBsZWFzZSBjYWxsIHRoZSBvZmZpY2UgYXQgMzg2LTYxNS0xMzg4LiAgVGhhbmsgeW91
Lg0KDQo=
------------------------------------------------------------------------------------------------------------------
We did not change anything on any of our systems when this started happening, and although most e-mail comes in looking normal, the incidence of the above seems to be increasing.
I have found that one large company that send through Postini, almost all of the mail we get from one office has the problem, but all of the mail from another location of theirs (also through Postini) is fine.  They say it is not their problem and they did not change anything either.
Any ideas would be appreciated.  The only instances I have been able to find with this happening was web developers creating applications to send mail.
0
Comment
Question by:PaulR
  • 7
  • 6
  • 2
15 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38861856
Forwarding thru different email clients has been known to cause this.  The MIME boundaries get corrupted and the code that said that section was base64 encoded has been lost.

Or it should have a line that says: Content-Transfer-Encoding: base64  Your example does have that so I'm not sure what's going on.  Those characters would normally be converted into readable text.

If you can get an email direct to another account that does not go thru Postini, you can look at the original source to see if there is anything different.
0
 

Author Comment

by:PaulR
ID: 38861869
The problem is that I am being asked to fix this problem, that from what I can tell, is being caused by the senders.  I have not control over the senders, so how am I supposed to fix this? If there is something on our system I can do, I would sure like to know what it is.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38862107
Well, you first have to find out what is wrong.  And the only way to tell that is to get the original source for the messages so you can tell what is being changed.  The chances are that the original email is in at least an acceptable format or the sender would be fixing their own problems.  And you should know that no two email clients do everything the same way.  You can't even count on two different versions being exactly the same.  Email after all these years is still a mess.

Truth is that almost everything that handles your mail messages can change it.  Anti-virus programs for example create a proxy on your computer and frequently attach a 'signature' to show that the email has been scanned.  Several programs along the way have screwed it up so bad you couldn't read the email message.  That was mostly because they got the MIME boundaries wrong.  Also, forwarded emails that go thru multiple email clients often have gotten munged up, often because they did something wrong with the MIME boundaries.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 38863022
if you reply to the sender and have them send the message again as the original was corrupted do you get another corrupted message or does it come through properly?

Since you receive a majority of messages without a problem I'd tend to believe that the problem is not at your end, which means there is not a great deal you can do to fix it.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38863051
That may be true but since he has been given the job of fixing it, he at least needs to gather the facts that show where the problem is.
0
 

Author Comment

by:PaulR
ID: 38863952
The problem seems to be ALMOST consistently related to who\where the sender is.  When we first started seeing this, it was people sending mail from Blackberries and this one company that we do a lot on business with.  Almost every mail from any person at that company.  But then we get one the other day from someone who we have previously (recently) received bad formatted messages that looked fine.  Also, at first I thought it had to do with messages that had many replies back and forth, but original messages from the same senders also had the problem.
So to answer ve3ofa's question.  Yes, almost always if we have problems from any particular sender, it is all (or nearly all) mail from that sender.
0
 

Author Comment

by:PaulR
ID: 38979044
Possible new clue.
Now another of our users have begun receiving these problem messages.  The latest one might have a clue to shed some light on the issue. The content portion comes in as:

--Apple-Mail-52A8935D-5A4E-46E2-BC8D-56E0ACCF006D
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

V2Ugd291bGQgbG92ZSB0byBoYXZlIGEgcmVwc
... lots of this hex ...
dj48L2Rpdj48L2Jsb2NrcXVvdGU+PC9ib2R5PjwvaHRtbD4=

--Apple-Mail-52A8935D-5A4E-46E2-BC8D-56E0ACCF006D--

Does this shed any light for anyone?
Paul
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 38979080
you may want to try UUD32Win: http://my.execpc.com/~mspankus/ or uudeview: http://www.miken.com/uud/ and see if they  can decode these messages
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38980150
The two line beginning with '--Apple-Mail' are the starting and ending MIME boundaries for that section which is 'base64' encoded.  That also tells you that that section was created by the Apple Mac Mail program and that it was supposed to be an HTML section after decoding.  

If you are seeing that in the clear, then the MIME boundaries that were supposed make that work properly got broken, probably when it was forwarded.
0
 

Author Comment

by:PaulR
ID: 38981674
Thank you ve3ofa, for the http://www.miken.com/uud/ link.  I had tried some online decoders, but all they did was report that the base-64 string was not valid or the header was malformed.  The uudeview utility was able to extract some of the message, and also showed that the message was a reply to an e-mail that our user sent from his iPhone (through Exchange) that was also probably a reply to a e-mail he received.

So I now have more information, but still no solution.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38982197
If one of the replies or forwards breaks the formatting and MIME boundaries, there won't be a solution.  I used to get broken emails like that fairly often.
0
 

Author Comment

by:PaulR
ID: 38995590
Friday I applied the latest update rollups to Exchange 2007 SP3 on the slight chance that it might have helped.  It did not.
0
 

Accepted Solution

by:
PaulR earned 0 total points
ID: 39423563
Oops.  I thought I had posted the solution, but I see that I have not.

This issue was resolved by upgrading the TrendMicro Scan Mail for Exchange from version 8 to v 10.2 SP2 (which had to be done by uninstalling the old version and installing the new).

I can only surmise that there are some new mail formatting 'standards' that are now being used that the old ScanMail did not understand.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39424162
Actually, there have been quite a few versions of anti-virus products that broke email formatting over the years when they put their own block in the body of the email.
0
 

Author Closing Comment

by:PaulR
ID: 39436730
This completely resolved the issue.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
Email signatures have numerous marketing benefits. Here are 8 top reasons to turn your email signature into a marketing channel.
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now