"malformed MIME header line" error for messages modified by Microsoft-Antispam

[banderlog]

Hi,

I tried to use aerc terminal mail client which uses go-message to fetch and parse IMAP messages. I keep getting errors "malformed MIME header line" or "malformed MIME header key":

https://github.com/emersion/go-message/blob/39a10da4c3f18079d86ce794baf080edf596c997/textproto/header.go#L544 https://github.com/emersion/go-message/blob/39a10da4c3f18079d86ce794baf080edf596c997/textproto/header.go#L553

I found an old github issue on the matter in which was said that everything was fixed in Dec-2020, so I tried all go-message versions from v0.12 to v0.15 -- error persists.

However, neomutt parses the same mails without any problems at all, as well as office365 applications.

I have the example of such mail saved with mutt. In this case, aerc crashed with failed to read part header: message: malformed MIME header line: links or open attachments unless you recognize the sender and know the cont=

Could you please say what is wrong with it?

message with defect header

``` Received: from AS8PR05MB8423.eurprd05.prod.outlook.com (2603:10a6:20b:3c8::8) by DBBPR05MB6330.eurprd05.prod.outlook.com with HTTPS; Sun, 14 Nov 2021 14:10:35 +0000 Received: from AM6P192CA0017.EURP192.PROD.OUTLOOK.COM (2603:10a6:209:83::30) by AS8PR05MB8423.eurprd05.prod.outlook.com (2603:10a6:20b:3c8::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.18; Sun, 14 Nov 2021 14:10:32 +0000 Received: from VE1EUR01FT048.eop-EUR01.prod.protection.outlook.com (2603:10a6:209:83:cafe::1e) by AM6P192CA0017.outlook.office365.com (2603:10a6:209:83::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.15 via Frontend Transport; Sun, 14 Nov 2021 14:10:32 +0000 Authentication-Results: spf=pass (sender IP is 209.85.219.171) smtp.mailfrom=gmail.com; dkim=pass (signature was verified) header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass reason=100 Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates 209.85.219.171 as permitted sender) receiver=protection.outlook.com; client-ip=209.85.219.171; helo=mail-yb1-f171.google.com; Received: from exchange.companynameinc.com (197.167.232.128) by VE1EUR01FT048.mail.protection.outlook.com (10.152.3.69) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.4690.26 via Frontend Transport; Sun, 14 Nov 2021 14:10:32 +0000 Received: from ExchUA6.companynamecom.com (177.27.0.136) by ExchUA4.companynamecom.com (177.27.0.134) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2375.12; Sun, 14 Nov 2021 16:10:30 +0200 Received: from mail2.companynamecom.com (177.177.232.35) by ExchUA6.companynamecom.com (172.77.0.136) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2375.12 via Frontend Transport; Sun, 14 Nov 2021 16:10:30 +0200 Received: from mail-yb1-f171.google.com (mail-yb1-f171.google.com [209.85.219.171]) by mail2.companynamecom.com (Postfix) with ESMTPS id 09A345FBD7 for ; Sun, 14 Nov 2021 16:10:16 +0200 (EET) Received: by mail-yb1-f171.google.com with SMTP id v7so38699643ybq.0 for ; Sun, 14 Nov 2021 06:10:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=ggp92ioH9JTolJeDg/pOOT3Q9KEnL9dNHfnBFTLaIHA=; b=T3DpPQT2ThdJXMum+ucK2KAQG5E37wcVwCu2SZxPGY837ybgKWMS/zsNMfayXlBzZa 2VuRnMnMAoUgr3nczoNTsZodSX3YeqrvqR0wf8W5YZGd2VM3WYOKPUUHXZwVIe+VbKhS lxM2lCShMF9F2iLD91zOsycDinelg9sjuJJRZKFNgkmPQ9svc4W6rkSCFfo5vceJicrH qma50TFvaA1uToIM76X5a0Uj9qvM5oFCXwZi7IJAJ/OtoY8ms5UiRt1e2sS+22YcVzNA OWBSYp/isGjs/m7ztWSs3N12XrBZyl5Grl4AXGrteapfk9u8pyNzgukSFOW5D0FLTkfe 7NrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=ggp92ioH9JTolJeDg/pOOT3Q9KEnL9dNHfnBFTLaIHA=; b=1GzKVBOS+VDnSuHRe97cHDGcO83x2RdoYy/PMWQlB5ro/AfZN4hit1Iz1wuyp5OkXj pA35VdSqG8sx5i8YLpZ2djj681STIDZLRgOmLaCOFhK/O1P/IPsyM+atoIDTnfcDofzr x9HL8NczccbWV6lgyRVDYyq5uv6m/4z65ih+x8sEvKjSN26AcQcpaX+PPw7yB+Bml8Wk lpRAZ/rX9yI4HkcgZCxE1mw2ik5d1Jipg8F8BCV+FqnsmDHHZPoOajHnOtsF/ab1qM34 3MfKKlymUE2nxTvs9knM5exkoaYJoWss7Zm1AlXYzemaOv4CDbRL6HEs9nvMzNWaXGek kwIQ== X-Gm-Message-State: AOAM532mFOw54e7ut/6wHZZjpuIPu6v46B/04fy99rqLdAJSJ4RdGSSp B10OHlp9YfORuxbT7YHNoFowcawP/1lFBBEnjxxIcRxb X-Google-Smtp-Source: ABdhPJyTuVORdEkb6H/HfoT68fTR5l134Jo71IiZy+0OxkHuhAFj645PrNl69KZlzSgVR22NO4SfyQdLuBwsDSfg/zo= X-Received: by 2002:a25:2d3:: with SMTP id 202mr33789713ybc.111.1636899013069; Sun, 14 Nov 2021 06:10:13 -0800 (PST) From: =?UTF-8?B?0JHQvtGA0LjRgSDQmtCw0LHQsNC60L7Qsg==?= Date: Sun, 14 Nov 2021 16:10:02 +0200 Message-ID: Subject: ping To: username@companynameinc.com Content-Type: multipart/alternative; boundary="000000000000350f0f05d0c04034" X-XX-MailScanner-Information: Please contact the noc@companynamecom.com for more information X-XX-MailScanner-ID: 09A345FBD7.A8027 X-XX-MailScanner: Found to be clean X-XX-MailScanner-From: username@gmail.com X-Spam-Status: No Return-Path: username@gmail.com X-OrganizationHeadersPreserved: ExchUA4.companynamecom.com X-MS-Exchange-Organization-ExpirationStartTime: 14 Nov 2021 14:10:32.1361 (UTC) X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000 X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit X-MS-Exchange-Organization-Network-Message-Id: 58b3a39d-a497-4ee5-4338-08d9a7788525 X-EOPAttributedMessage: 0 X-MS-Exchange-Organization-MessageDirectionality: Originating X-MS-Exchange-SkipListedInternetSender: ip=[209.85.219.171];domain=mail-yb1-f171.google.com X-MS-Exchange-ExternalOriginalInternetSender: ip=[209.85.219.171];domain=mail-yb1-f171.google.com X-CrossPremisesHeadersPromoted: VE1EUR01FT048.eop-EUR01.prod.protection.outlook.com X-CrossPremisesHeadersFiltered: VE1EUR01FT048.eop-EUR01.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Exchange-Organization-AuthSource: ExchUA6.companynamecom.com X-MS-Exchange-Organization-AuthAs: Anonymous X-OriginatorOrg: companynameinc.com X-MS-Office365-Filtering-Correlation-Id: 58b3a39d-a497-4ee5-4338-08d9a7788525 X-MS-TrafficTypeDiagnostic: AS8PR05MB8423: X-MS-Oob-TLC-OOBClassifiers: OLM:1728; X-MS-Exchange-Organization-SCL: 1 X-Microsoft-Antispam: BCL:0; X-Forefront-Antispam-Report: CIP:195.160.232.128;CTRY:US;LANG:ru;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail-yb1-f171.google.com;PTR:mail-yb1-f171.google.com;CAT:NONE;SFS:(4636009)(84050400002)(7116003)(5660300002)(8676002)(7596003)(26005)(73392003)(3480700007)(1096003)(8936002)(85182001)(6916009)(82202003)(42186006)(33964004)(22186003)(55446002)(336012)(76482006)(58800400005)(86362001)(156005)(6666004)(82310400003)(7636003)(220243001);DIR:INB; X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Nov 2021 14:10:32.0582 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 58b3a39d-a497-4ee5-4338-08d9a7788525 X-MS-Exchange-CrossTenant-Id: 6c51c659-9d52-41af-81f7-dde16380e813 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=6c51c659-9d52-41af-81f7-dde16380e813;Ip=[195.160.232.128];Helo=[exchange.companynameinc.com] X-MS-Exchange-CrossTenant-AuthSource: ExchUA6.companynamecom.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR05MB8423 X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.4541483 X-MS-Exchange-Processed-By-BccFoldering: 15.20.4690.027 X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506458)(944626604)(920097)(930096); X-Microsoft-Antispam-Message-Info: =?utf-8?B?cmlXL3F2WDI2OThEV244MGJuYnpqWVI5alJvQURDVE1zUWpKdkpqK29jM3Yz?= =?utf-8?B?aXk3L01PSGgrQXZLUTJ0MU5UZlZyOStDR2xuVDM5aHJDUThPWVA4Ui8vb1Jw?= =?utf-8?B?UFhhekNvN0dQTVNTOEF4RURrZERLRlI2ZlBtRTFaRzZzR1FCeEZrZmdjbnY2?= =?utf-8?B?aW1VZUxMTXNpak95VkhiVVlXaXZoMFpKOWphNnlyOW9TMmtsclNBaFpXZEhX?= =?utf-8?B?Q0lwTCtJdUk1UXJidXBVZzQ3L0ttT2VobWVlYXZwK25WWHdnVUdJYW1Hb0Fz?= =?utf-8?B?cXQrNXBnZlpHdnYyUi8rVzFrS1NJKzN2SjNLUUlqak44OWRUQXBiWE1UQW5x?= =?utf-8?B?VkZtRnZ6NFk1NFEvRVEyL25maFZaUEFEeFQ0cDFYR1IxV0VORVFZQVVuVlNF?= =?utf-8?B?Q1Urbm4vQkVCa3U2VEwyNHc3VVZ1R0VXMVVRYlh1VTZxZW1uejlrQkJhVTRj?= =?utf-8?B?NXZ4SnNLVnBaZklNS1pjUVdnNTVqOENrTlRXeDJwZ1lBWEtMYkh1Kzdld280?= =?utf-8?B?T1Via0ZqZHZsWExBeisxelEvM1ZGRkt2TGExV2xnNFB1d1Y1a2FYOTFqRFFx?= =?utf-8?B?VVh4TDREZkdlOGQ5Y29wdExRMERJSzdHWnEwWnZ2Y3NmRVBJbzVGU0RYdnk2?= =?utf-8?B?L1IxSkRCSVRCSHhTM0s4Q3pyTy9tWXp2RHdxUkY1ejVZQXZLSDBJcW1Zengv?= =?utf-8?B?ZVZ3NDZEallkYXNsRmdCcU5HMjRwdlNGYkFRZXFUQXFnRVdmQUNSR3U0SzBZ?= =?utf-8?B?WVducm8zTnRibS8rbUxORlVlbkN6TW8vSWhSTzVvR1JGMGRTenJOQVNSMzAr?= =?utf-8?B?VDAzR0xTdUdFMDRYOEVjVjZ2ZFo2Y2M5SWhZNlpmVUc2K2FKWGZoQUhwSzA3?= =?utf-8?B?QVpUYjlrZXlTeTQwVVkzcEJqL3JpQzhGTXFIdlp0d1dpOG40eHl0K2x2bW53?= =?utf-8?B?TFdRTlh0TFg3TUE3VzcxRmJUSSsxY2cveTk5dXhxcFVTRGZ2eGFVbzN3MmV1?= =?utf-8?B?SEhqeld2bXFOOEVSV1E3aVpuZTU4bVBMZXZUM0VkdmdBZjVaS3RpRnh4YkRt?= =?utf-8?B?UWdQY3A4L3RrRFZUNlFLWXkvaFBxQUFOblJtVGZPbFRYaWJqaWpYMjJqQ1JE?= =?utf-8?B?UE5Kc3VqNnJ2RGdjVVhnSER6bFkrS1JUT3ZIQmJFeWw3eFVTQnJRMTd5ZkpH?= =?utf-8?B?WEVSNVhneGFVODJMbEpvTnBaS1pDYS82ekNJUmVRczhNMlVlYkNhenIvZkZy?= =?utf-8?B?SkhTYldHelRRU0M2czZxMExwWmRaSkpPK0lHK3lJOC9MY29MOVIyL1ZNQ3F2?= =?utf-8?B?ZTdLcnNXSUoxWUYxSzJaK0UrVlVpMFB6aEZ6RDB4NTNoYnhhQ1hzdDQzQ1BI?= =?utf-8?B?aFhibklsYjZZNHNmY2RTSDRYR2NxM3djVWFWanhXMjh3SUw3YkY2cnNrR2Nv?= =?utf-8?B?SlJwMWFLRGJOOWRGeEZ1disrdUMwV3Q4RkZqSUhtcjFPN1ZVem53S2hKMWZ4?= =?utf-8?B?MDcxa0YwSTc2dy9NL3lRU0xIaFhiYTZaS0o5N1V2QmtwdHpnN2RTRkRzMzc4?= =?utf-8?B?M2ppSElNV3lQMEJZTWlCNlYzWFVFb29yNXpFa0xVZlRhNHlIalhOOEc2WG81?= =?utf-8?B?VzNyYlptMCt5V1dDUmpOVXgvaUd5cFRTQW94VldOUE1hVUlTM2hxN2NYcTRu?= =?utf-8?B?MmJXb1A4VWRaKzUyL2ZnK2xsZTd0YSs3bStldVZvNHErUm9ZY21JR1ZkSC92?= =?utf-8?B?b0RlTEZFS3ZzRG9BTVM3L1laMlI5WTBrRzhoeXdvcm9kK3NxMzFDTXhSSHor?= =?utf-8?B?SElCd3poYUJ0TUcyb1pIK3YrS0Jyc2ZONCtFdGhSZDVSam5wREhRZlVSbGVv?= =?utf-8?B?RkZUb2RCS2RaclRtWFNuV3VLai9Hc3pUNERzU0EybjZWSXVkQTIzM3g5czFI?= =?utf-8?B?ZFlLcmpVTFJ3bTJyWWkvWkdQV05qdWlBODlQOC9PUEptelBMV05YZ09BbkxN?= =?utf-8?B?QXlnb1RFU21PV1Fma3ZwMVE5TnE2dC9oMVZ2L2VabVBsbS9Wd1FSTmtPWUdw?= =?utf-8?B?bGMrQXZMZzBFSUFGNXk1OGdCTm5JRE1kK0JGdz09?= MIME-Version: 1.0 --000000000000350f0f05d0c04034 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable CAUTION: This email originated from outside the organization. Do not click = links or open attachments unless you recognize the sender and know the cont= ent is safe. test --000000000000350f0f05d0c04034 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

CAUTION: This email originated from outside the organizatio= n. Do not click links or open attachments unless you recognize the sender a= nd know the content is safe.

test

--000000000000350f0f05d0c04034-- ```

All messages without "CAUTION: This email originated from outside the organization....." message opens without problems.

[emersion]

Seems like an aerc bug. It tries to parse message bodies as headers.

[banderlog]

Thanks, I'll go to their bug tracker

[mpldr]

I can confirm that this is not an issue with go-message. The issue is that go-imaps GetBody(part) does not include the MIME headers despite them being present. Still looking into why that is with only mails tainted by Microsoft.