Hello,
one of the groups we have in Cerberus is setup to handle abuse messages. Some people bounce abuse issues with the original file as an attached .eml file (AOL). I can't find the headers for the attached file to get details. There doesn't seem to be a way to download or view the full file.
It appears that the attached file is shown inline as the message. This is nice from the stand point of being able to quickly see the message contents. How ever, "show full headers" shows the senders message headers as you would expect, not the attached EML file headers... and I don't see another way to view the attached file headers.
From an abuse standpoint this is essential, to be able to track down the path of a message, who sent it / from what IP, and what server relayed or received it etc.
How do we do this? Or would this fall under the feature request catagory?
Also, there isn't even an indicator that it's an attached file being displayed inline, which would also be handy to know, as opposed to thinking it's the actual message sent.

Thanks,
Michael Jay.

Michael,

If you host your own copy of Cerberus, uncomment the section of api/app/Parser.php from lines 360 through 386. That's likely to cause duplicate message bodies, but if that gives you the header information you need, then I can open an issue to get the duplication resolved.

Dan,
Hey there. I finally got a chance to look through the Parser.php and un-rem the code you specified. On our server it actually appeared to be lines 348-374 (foreach($struct as $st)...)
I've got that change made, but when I view an abuse message that had an attached .eml file... I still can't find the headers in the attached file.
For an example... one message has the original message body blank, an attachment of FastTrac_class_alumni.eml, which has full headers etc. The ticket in Cerberus shows the content and html source inline. With an attachment of original_message.html, which has the body of the original attachment, but no headers etc.
Any other ideas? (Presumably I should change that code you had me uncomment back...?)

Thanks,
Michael Jay.

Yeah, go ahead and change that back, and then, around line 577, comment out the following:if($file->mime_type == 'message/rfc822') {
continue;
}

That should attach the .eml file in it's entirety so you can check it for the headers.

Thanks, that seems to be working. One more question though. While the information is now available, it renames the file and specifically the extension to .msg instead of .eml.
This means to open it you have to save it, rename it, then open it... instead of being able to open it on the fly. Of course we could change all our associations and some mail clients may deal with it... but is there an easier way around it? A simple way to keep it as .eml?
Of course, if you guys are working on fixing the in-line headers in the near future, don't worry about it anyway.

Thanks,
Michael Jay.

That's (still in Parser.php) in CerberusParser::parseMime(), line 128ish$message->files['inline'.$message_counter.'.msg'] = $html_attach;You should be able to get away with just changing the appended extension to ".eml".

I tried changing that line from containing .msg to .eml - the attachments did not appear to change in the system.
Any other ideas?

Thanks,
Michael Jay.

Well, any existing ones will of course not change. Are you saying that new messages with attached e-mails are still getting the .msg filename?

No, I hadn't left the change in long enough for new messages. I was thinking it parsed existing messages from the database on the fly... I'll try changing it again and leave it enabled.

Thanks,
MJ.