Lost BODY message

[Pavel Kankovsky]

On Tue, 7 Dec 2004, David Relson wrote:

> While reading mail, I noticed a "no subject" message, which often means
> spam.  However this was in a user folder, not the spam folder. When I
> looked at the file (in its MH directory), it appeared to be truncated at
> the end of the Received: header line.  It's not at all clear what
> happened.  My procmailrc does the following (roughly): 

I get truncated messages, like this one:

Return-Path: <Ctcv_Mwdxqepo1 at hotmail.com>
Delivered-To: peak at argo.troja.mff.cuni.cz
Received: (qmail 14969 invoked from network); 10 Dec 2004 12:29:32 -0000
Received: from kerberos2.troja.mff.cuni.cz (195.113.28.3)
  by argo.troja.mff.cuni.cz with SMTP; 10 Dec 2004 12:29:31 -0000
Received: (qmail 1054 invoked from network); 10 Dec 2004 12:29:30 -0000
Received: from unknown (HELO 222.101.15.28) (222.101.15.28)
  by kerberos2.troja.mff.cuni.cz with SMTP; 10 Dec 2004 12:29:30 -0000
Received: from 67.144.216.89 by ; Fri, 10 Dec 2004 14:23:30 +0200
Message-ID: <U[20-25
[end of message]

quite often. Truncation in the middle of a header (esp. in the middle of
Message-ID) is the most common but I have seen messages truncated in the
middle of a body as well. "[20" or a similar string near the end of the
message appears to be a significant common feature of those messages.

An interesting, and probably related thing, is this line from another spam 
message (a complete one):

Message-ID: <%CUSTOM_A0[20-22]pfhk6cj at moonstar.com>

Perhaps the truncated message was generated by some sort of misconfigured
or broken spam generator that failed to substitute the placeholder and
terminated prematurely (btw: spam containing unreplaced placeholders is
quite common as well).

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."