lost headers (was Re: script to break up mp3s)

Kurt Granroth plug-discuss at granroth.org
Thu Aug 4 06:48:56 MST 2005


On Wednesday 03 August 2005 10:58 pm, Jeremy C. Reed wrote:
> We should track down specifically what mail *tool* lost my important :)
> email message. I agree with Kurt: it's a bug that needs to be reported.
>
> Please see
> http://lists.plug.phoenix.az.us/lurker/message/20050804.005401.9719e855.en.html
> and
> http://lists.plug.phoenix.az.us/lurker/message/20050804.013243.964e82c1.en.html
>
> Does anyone know where the lines were lost?
>
> I am interested in solving this. Other readers: please let me know if my
> two lines were missing for you.

This is going to be tricky to track down without "inside help", so to speak.  
It's fairly obvious that it's a buggy MTA (or maybe spam filter?) that's 
client facing and appears after the plug MTA.  So examining headers in the 
list archives won't work nor will looking at the headers in my own plug 
mailbox (or yours or likely most people on this list) since the mail won't 
have gone through that specific MTA.

I am also interested in finding out where the culprit is.  I think it'll take 
the following steps:

1. Identify somebody who receives the altered messages and is willing to track 
down the source
2. Get the complete raw headers for that message from that person
3. Enumerate each of the mail servers contacted along the way
4. Attempt to connect to each of those servers in turn to send a specifically 
formatted test message

The tricky part here is the last one since some servers will be behind 
firewalls and others may only allow relaying.

I'll end this post with a personal anecdote.  In all my years of dealing with 
email, I have had the displeasure of running into an MTA that modified email 
message bodies only once.  That MTA is and was Microsoft Exchange.  My first 
inclination that something was wrong was when attached PDF and PS files 
sometimes arrived in a corrupted state.  It was apparent looking at the 
source that the content was being modified... but at this point, I was 
suspecting the clients since *obviously* the MTA isn't going to screw up like 
that.  Anyway, then my co-workers and I started signing our messages with 
GPG... and promptly saw that our messages could never be validated.  Saving 
the received messages and comparing them byte-by-byte to the original sent 
message made it clear: Exchange was arbitrarily changing the body of the 
messages!  That's why the signatures didn't work... the message that was sent 
was not at all the message that arrived. :-(
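
Steps 2 and 3 above, together with the byte-by-byte comparison from the anecdote, as an added example that is not part of the original post: Python that lists the relay hops from a saved message's Received headers in delivery order and reports which body lines went missing. The sample message, host names and addresses are constructed.

```python
import difflib
import re
from email import message_from_string

# Constructed sample: a message as a recipient might save it (all hosts made up).
RAW_RECEIVED = """\
Received: from filter.example.net (filter.example.net [192.0.2.30])
\tby mbox.example.net with ESMTP id C3; Thu, 4 Aug 2005 06:49:10 -0700
Received: from lists.example.org (lists.example.org [192.0.2.20])
\tby filter.example.net with ESMTP id B2; Thu, 4 Aug 2005 06:49:05 -0700
Received: from sender.example.com (sender.example.com [192.0.2.10])
\tby lists.example.org with ESMTP id A1; Thu, 4 Aug 2005 06:49:00 -0700
From: sender@example.com
Subject: test

first line
third line
"""

# Constructed copy of the body as the sender originally wrote it.
SENT_BODY = "first line\nsecond line\nthird line\n"

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def received_hops(raw):
    """Return (from_host, by_host) pairs in delivery order."""
    msg = message_from_string(raw)
    hops = []
    # Each MTA prepends its own Received header, so the topmost is the last hop.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        hops.append((m.group(1), m.group(2)) if m else (None, value.strip()))
    return hops

def lost_lines(sent_body, received_body):
    """Lines present in the sent body but absent from the received one."""
    diff = difflib.ndiff(sent_body.splitlines(), received_body.splitlines())
    return [d[2:] for d in diff if d.startswith("- ")]

if __name__ == "__main__":
    for n, (src, dst) in enumerate(received_hops(RAW_RECEIVED), 1):
        print(f"hop {n}: {src} -> {dst}")
    body = message_from_string(RAW_RECEIVED).get_payload()
    print("lost:", lost_lines(SENT_BODY, body))
```

Comparing the hop list from a recipient who sees the damage against one from a recipient who does not narrows the search to the servers that appear only in the first list.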

