Microsoft Outlook 2010 - Rewriting the x-mailer header when forwarding .msg file as attachment when the transport message is digitally signed or encrypted.

Hi All,

My organization has a spam mailbox our users send suspicious messages to. We direct these people to send the email they receive as an attachment to a new message. Recently we discovered that if the new message is digitally signed or encrypted, the x-mailer header of the attachment gets written to "Microsoft Outlook 14.0". We can only speculate that Outlook is the cause since the message is already changed while sitting in the users outbox.

If the transport message is not encrypted or digitally signed, the original (attachment) mail header is not modified.

We have ran the same test case using Outlook Web (Exchange 2010) and verified this issue does not exist with that client. See these sanitized examples below.

Original Malicious Email Internet Headers.

To: <XXXX>
Subject: Who
From: TEST <XXXXXX>
X-Mailer: Thunderbird
X-SEF-7853D99-ADF1-478E-8894-213D31XXXXXX: 1
X-SEF-Processed: 7_3_0_1209__2015_07_24_10_12_22
MIME-Version: 1.0
Content-Type: text/plain
Return-Path: XXXXXX
X-MS-Exchange-Organization-AuthSource: XXXXXX
X-MS-Exchange-Organization-AuthAs: Anonymous

Internet Headers from the exact same message when attached to a digitally signed email.

To: "XXXX"
Subject: Who
Date: Fri, 24 Jul 2015 10:14:17 -0400
Message-ID: <XXXXX>
MIME-Version: 1.0
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHQxhsIhPw58eeTlky4IXXXXXg==
Content-Language: en-us

Does anyone have any recommendation on the Outlook or Exchange configuration that might stop this rewriting?

July 27th, 2015 11:44am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics