Why is my desktop email client breaking mail message headers?

[superboyac]

I've found out that my email client on my desktop computer is doing something like breaking up the mail message headers prior to downloading.  This is causing a problem with my spam detection, and since the antispam plugin is seeing blank headers, all my emails are going to the junk box.  I can't seem to find where the issue is.

Here's my setup:
The Bat! client
Antispam Sniper
Bitdefender Free Antivirus

Now, all this started happening 2/17.  At first I thought it was Bitdefender, because previous to that I was using MSE.  But I installed Bitdefender on 2/19, so that's not it.
Other than that, I can't tell what else I could have possibly done on that date.
Antispam Sniper is flagging everything as spam because it triggers the blank From.  But it's not ASS's fault, it is doing the right thing.  Something else is causing the headers to break up before it even gets to ASS.

I haven't changed any windows firewall settings.

Any suggestions?

[Innuendo]

Depending on how motivated you are, you could either fire up WireShark to monitor the data stream or you could start simple and just use a different email client to retrieve your mail once and observe the results.

[superboyac]

Depending on how motivated you are, you could either fire up WireShark to monitor the data stream or you could start simple and just use a different email client to retrieve your mail once and observe the results.

-Innuendo (March 09, 2014, 04:29 PM)

I don't know what Wireshark is, but I just downloaded and will give it a try.

I was so certain it was Bitdefender, but then why did it start 2 days earlier?  And I didn't really install anything else around that time that I can tell.

[Innuendo]

WireShark, to give a simplified explanation, lets you take a look at the raw data packets and analyze them as they enter and leave your computer. It's got a bit of a learning curve to it so it may not be something you have the time or energy to invest in.

Are the usual headers blank or are extra blank headers being added?

[4wd]

Maybe start off with Nirsoft SmartSniff ?

Since POP3 is a text protocol, it might be a little easier to get running and understand compared to WireShark.

Just had a thought, if your email server uses TLS/SSL, (eg. Google), then you'll get very little in the way of human readable data through packet capture.

eg. Here's a packet capture from GMail:

Why is my desktop email client breaking mail message headers?

Randomised munging instigated by me

[Shades]

If you updated your mail client around that date, I wouldn't rule out a configuration setting in your mail client being responsible for the munging.

Indeed, Wireshark is powerful software with a rather steep (but rewarding) learning curve.

You could use a portable version of the Thunderbird email client (I believe its default settings leave email on the mail server from your mail provider usually your ISP, so your mail is safe) and see if the mail header aren't munged. If that is the case, then your standard mail client is the problem. And if it isn't, then you know to look for a different location in the chain of software you use to receive your mail. Anti-virus and/or spam filter being used on your computer or at your mail provider.

[superboyac]

OK, more information:

--it's only affecting my gmail addresses (multiple different ones).  How do I know this?  I sent an email to a non gmail address and it passed through the antispam and everything and came properly to my inbox.  But the gmail headers seem to be received differently.  I'm not exactly sure, but perhaps I changed my authentication settings recently, like changing ssl to startls, or something like that.

[Innuendo]

Oh, Shades is on the case now....if anyone can figure this out, he can...he deals with Exchange servers and hasn't killed anyone yet. 

[superboyac]

Even more information and now I'm getting confused:
Looking into it more, the email that arrived in my inbox from my non-gmail account is not even being filtered by the Antispam Sniper plugin.  SO now I have to try adding it and see if it still has a problem.  But all this leads me to believe it's the plugin.

[Curt]

just for your information:

The message headers are not used for the classification via SpamNet.

-Antispam Sniper

http://antispamsnipe...elp/oewm/spamnet.htm

[superboyac]

just for your information:

The message headers are not used for the classification via SpamNet.

-Antispam Sniper

http://antispamsnipe...elp/oewm/spamnet.htm

-Curt (March 10, 2014, 09:33 AM)

Hmmm...I'll have to look into that when I get home.  I want to say that's an option, and I think my SpamNet option is disabled.  NOt sure though.

[Stoic Joker]

just for your information:

The message headers are not used for the classification via SpamNet.

-Antispam Sniper

http://antispamsnipe...elp/oewm/spamnet.htm

-Curt (March 10, 2014, 09:33 AM)

Hmmm...I'll have to look into that when I get home.  I want to say that's an option, and I think my SpamNet option is disabled.  NOt sure though.

-superboyac (March 10, 2014, 10:12 AM)

I'm not familiar with the products specified, but judging by the description given it's a weighted keyword (Bayesian) style of filter so it can't alter the message in any fashion without skewing the results. Also any attempt at including the header would just introduce noise in the results due to the normally random information there causing a single (naughty content) message body result to blossom into thousands of sender recipient variations.

So unless the filter is cutting off the header for message analysis, and then stuffing that headerless-ly analyzed copy in the inbox...it would have no reason to be modifying anything.

[superboyac]

Well, I am a thorough person, so I'd figured I'd share what finally solved my problem.

The problem was with the Bat, not AntispamSniper like I initially suspected.  After several attempts, using the Maintenance Center of the Bat (Folder-->Maintenance Center), it found a couple of errors and fixed them.  Since then, the emails have been filtering properly.

I went back and forth with the ASS developer to find this solution, he was extremely helpful and I love his product.  The Bat support, not nearly as helpful (as expected), although they respond quickly using their trouble ticket.  But the ASS guy uses emails which is much more helpful in this kind of problem solving.