[Solved] Decrypt a Thunderbird EML File

Post by mikeflan »

I am trying to decrypt a thunderbird EML file. When the EML file is opened in a text editor I see this:

Code: Select all

some header removed

Received: from gator3130.hostgator.com
	by gator3130.hostgator.com with LMTP
	id uA+eK+sw6mEjaQkAhribKQ
	(envelope-from <users-bounces@lists.fedoraproject.org>)
	for <myemailaddress>; Thu, 20 Jan 2022 22:04:59 -0600
Return-path: <users-bounces@lists.fedoraproject.org>
Envelope-to: myemailaddress
Delivery-date: Thu, 20 Jan 2022 22:04:59 -0600
Received: from bastion-iad01.fedoraproject.org ([38.145.60.11]:45380 helo=bastion.fedoraproject.org)
	by gator3130.hostgator.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <users-bounces@lists.fedoraproject.org>)
	id 1nAlAZ-002j5S-JO
	for myemailaddress; Thu, 20 Jan 2022 22:04:59 -0600
Received: from mailman01.iad2.fedoraproject.org (mailman01.iad2.fedoraproject.org [10.3.163.57])
	by bastion01.iad2.fedoraproject.org (Postfix) with ESMTP id BFE423076E50;
	Fri, 21 Jan 2022 04:04:43 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bastion01.iad2.fedoraproject.org BFE423076E50
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fedoraproject.org;
	s=bastion-iad; t=1642737883;
	bh=IpYBaEnShOQV2gixmGWtYHYE0ksSfRTFBZ/C2y12MNA=;
	h=From:Subject:To:Reply-To:Date:List-Id:From;
	b=o0YS4+xpvSToWcOI0bPSQE1oW10yf1c+vlbM60GGxtfo6rPD2pZMBj4QKO8RM5O7z
	 GIpYT6kZ2sE8Tt/ZrJ1HwgQgYbiWWO2sq3SRtRguMU6/ecT5wmicNCEdA401gd9TlM
	 aXadXtXyIOC0yZzfUH5RLm7r1Wxoct8Dd5VLKqcs=
Received: from mailman01.iad2.fedoraproject.org (localhost [IPv6:::1])
	by mailman01.iad2.fedoraproject.org (Postfix) with ESMTP id 82CE37E5A2A7C;
	Fri, 21 Jan 2022 04:04:43 +0000 (UTC)
From: users-request@lists.fedoraproject.org
Subject: =?utf-8?q?users_Digest=2C_Vol_215=2C_Issue_82?=
To: users@lists.fedoraproject.org
Reply-To: users@lists.fedoraproject.org
Date: Fri, 21 Jan 2022 04:04:29 +0000
Message-ID: <164273786911.4245.15632950612075062908@mailman01.iad2.fedoraproject.org>
List-Id: Community support for Fedora users <users.lists.fedoraproject.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
X-Mailman-Version: 3.1.1
Precedence: list

U2VuZCB1c2VycyBtYWlsaW5nIGxpc3Qgc3VibWlzc2lvbnMgdG8KCXVzZXJzQGxpc3RzLmZlZG9y
YXByb2plY3Qub3JnCgpUbyBzdWJzY3JpYmUgb3IgdW5zdWJzY3JpYmUgdmlhIGVtYWlsLCBzZW5k
IGEgbWVzc2FnZSB3aXRoIHN1YmplY3Qgb3IKYm9keSAnaGVscCcgdG8KCXVzZXJzLXJlcXVlc3RA
bGlzdHMuZmVkb3JhcHJvamVjdC5vcmcKCllvdSBjYW4gcmVhY2ggdGhlIHBlcnNvbiBtYW5hZ2lu
ZyB0aGUgbGlzdCBhdAoJdXNlcnMtb3duZXJAbGlzdHMuZmVkb3JhcHJvamVjdC5vcmcKCldoZW4g
cmVwbHlpbmcsIHBsZWFzZSBlZGl0IHlvdXIgU3ViamVjdCBsaW5lIHNvIGl0IGlzIG1vcmUgc3Bl
Y2lmaWMKdGhhbiAiUmU6IENvbnRlbnRzIG9mIHVzZXJzIGRpZ2VzdC4uLiIKClRvZGF5J3MgVG9w
aWNzOgoKICAgMS4gUmU6IEhvdyB0byBnZXQgRmVkb3JhIDM1IHRvIHVzZSBETlMgbmFtZSBhcyBo
b3N0bmFtZT8KICAgICAgKFRob21hcyBDYW1lcm9uKQoKCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KCkRhdGU6IFRo
dSwgMjAgSmFuIDIwMjIgMjA6MzU6MTkgLTA2MDAKRnJvbTogVGhvbWFzIENhbWVyb24gPHRob21h
cy5jYW1lcm9uQGNhbWVyb250ZWNoLmNvbT4KU3ViamVjdDogUmU6IEhvdyB0byBnZXQgRmVkb3Jh
IDM1IHRvIHVzZSBETlMgbmFtZSBhcyBob3N0bmFtZT8KVG86IHVzZXJzQGxpc3RzLmZlZG9yYXBy
b2plY3Qub3JnCk1lc3NhZ2UtSUQ6IDw1Mzg4ZWMxNi0wN2Q4LWRiMDUtNTU0NC00NDE5Y2VmOTQ1
N2FAY2FtZXJvbnRlY2guY29tPgpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9VVRG
LTg7IGZvcm1hdD1mbG93ZWQKCk9uIDEvMjAvMjIgMjA6MzAsIFRpbSB2aWEgdXNlcnMgd3JvdGU6
Cj4gT24gVGh1LCAyMDIyLTAxLTIwIGF0IDE5OjQ1IC0wNjAwLCBUaG9tYXMgQ2FtZXJvbiB3cm90
ZToKPj4gT0ssIHNvIHRoaXMgaXMgd2VpcmQuIEkganVzdCBraWNrc3RhcnRlZCBhIEYzNSBWTS4g
V2hlbiBpdCBib290ZWQKPj4gdXAsIGl0cyBob3N0bmFtZSB3YXMgaG9zdDE1Ni50Yy5jYW1lcm9u
dGVjaC5jb20sIGFzIEkgZXhwZWN0ZWQgaXQgdG8KPj4gYmUuCj4+Cj4+IFRoZSAvZXRjL2hvc3Ru
YW1lIGZpbGUgaXMgYmxhbmsgLSBpdCBqdXN0IGhhcyBhIHNpbmdsZSBlbXB0eSBsaW5lLgo+Pgo+
PiBBZnRlciBJIHJlYm9vdGVkIHRoYXQgVk0sIGl0cyBob3N0bmFtZSBpcyBzZXQgdG8gZmVkb3Jh
Cj4gCj4gSXQgd291bGRuJ3QgYmUgcXVpdGUgc28gYmFkIGlmIGl0IHNldCBpdHMgaG9zdG5hbWUg
dG8gdGhlIG9uZSBpdAo+IGRpc2NvdmVyZWQgKGV2ZW4gdGhvdWdoIHlvdSdkIHJhdGhlciBpdCBr
ZWVwIG9uIGRpc2NvdmVyaW5nIGl0KSwgYnV0Cj4gY2hhbmdpbmcgYSBob3N0bmFtZSBpcyBpbnRv
bGVyYWJsZS4KPiAKPiBIYXZlIHlvdSB0cmllZCBtYWtpbmcgdGhlIGhvc3RuYW1lIGZpbGUgaW1t
dXRhYmxlPwo+IAoKVGhpbmcgaXMsIHRoZSAvZXRjL2hvc3RuYW1lIGZpbGUgaXMgYmxhbmshIFRo
aXMgaXMgYml6YXJyZS4gSSd2ZSBqdXN0IAp0ZXN0ZWQgd2l0aCBGMzMsIEYzNCwgYW5kIEYzNS4g
V2l0aCBGMzMsIHRoZSBob3N0bmFtZSBpcyBzZXQgdG8gCmxvY2FsaG9zdC4gV2l0aCBGMzQgYW5k
IEYzNSwgaXQncyBzZXQgdG8gZmVkb3JhLiBXaXRoIFJIRUwgOC41LCBpdCdzIHNldCAKdG8gdGhl
IHJldmVyc2UgRE5TIGFzc2lnbmVkIGhvc3RuYW1lLiBXaXRoIFJIRUwgOSBiZXRhLCBpdCdzIHRo
ZSByZXZlcnNlIApETlMgYXNzaWduZWQgaG9zdG5hbWUuCgpUaGlzIGlzIHdlaXJkZXIgYW5kIHdl
aXJkZXIuCgpUaG9tYXMKCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQoKU3ViamVjdDog
RGlnZXN0IEZvb3RlcgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX18KdXNlcnMgbWFpbGluZyBsaXN0IC0tIHVzZXJzQGxpc3RzLmZlZG9yYXByb2plY3Qub3Jn
ClRvIHVuc3Vic2NyaWJlIHNlbmQgYW4gZW1haWwgdG8gdXNlcnMtbGVhdmVAbGlzdHMuZmVkb3Jh
cHJvamVjdC5vcmcKRmVkb3JhIENvZGUgb2YgQ29uZHVjdDogaHR0cHM6Ly9kb2NzLmZlZG9yYXBy
b2plY3Qub3JnL2VuLVVTL3Byb2plY3QvY29kZS1vZi1jb25kdWN0LwpMaXN0IEd1aWRlbGluZXM6
IGh0dHBzOi8vZmVkb3JhcHJvamVjdC5vcmcvd2lraS9NYWlsaW5nX2xpc3RfZ3VpZGVsaW5lcwpM
aXN0IEFyY2hpdmVzOiBodHRwczovL2xpc3RzLmZlZG9yYXByb2plY3Qub3JnL2FyY2hpdmVzL2xp
c3QvdXNlcnNAbGlzdHMuZmVkb3JhcHJvamVjdC5vcmcKRG8gbm90IHJlcGx5IHRvIHNwYW0gb24g
dGhlIGxpc3QsIHJlcG9ydCBpdDogaHR0cHM6Ly9wYWd1cmUuaW8vZmVkb3JhLWluZnJhc3RydWN0
dXJlCgoKLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCgpFbmQgb2YgdXNlcnMgRGlnZXN0
LCBWb2wgMjE1LCBJc3N1ZSA4MgoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
Kgo=

When the EML file is opened in Thunderbird I see this:

Code: Select all


Send users mailing list submissions to
	users@lists.fedoraproject.org

To subscribe or unsubscribe via email, send a message with subject or
body 'help' to
	users-request@lists.fedoraproject.org

You can reach the person managing the list at
	users-owner@lists.fedoraproject.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of users digest..."

Today's Topics:

   1. Re: How to get Fedora 35 to use DNS name as hostname?
      (Thomas Cameron)


----------------------------------------------------------------------

Date: Thu, 20 Jan 2022 20:35:19 -0600
From: some guy
Subject: Re: How to get Fedora 35 to use DNS name as hostname?
To: users@lists.fedoraproject.org
Message-ID: <5388ec16-07d8-db05-5544-4419cef9457a@camerontech.com>
Content-Type: text/plain; charset=UTF-8; format=flowed

On 1/20/22 20:30, Tim via users wrote:
> On Thu, 2022-01-20 at 19:45 -0600, Thomas Cameron wrote:
>> OK, so this is weird. I just kickstarted a F35 VM. When it booted
>> up, its hostname was host156.tc.camerontech.com, as I expected it to
>> be.
>>
>> The /etc/hostname file is blank - it just has a single empty line.
>>
>> After I rebooted that VM, its hostname is set to fedora
>
> It wouldn't be quite so bad if it set its hostname to the one it
> discovered (even though you'd rather it keep on discovering it), but
> changing a hostname is intolerable.
>
> Have you tried making the hostname file immutable?
>

Thing is, the /etc/hostname file is blank! This is bizarre. I've just 
tested with F33, F34, and F35. With F33, the hostname is set to 
localhost. With F34 and F35, it's set to fedora. With RHEL 8.5, it's set 
to the reverse DNS assigned hostname. With RHEL 9 beta, it's the reverse 
DNS assigned hostname.

This is weirder and weirder.

Thomas

------------------------------

Subject: Digest Footer

_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure


------------------------------

End of users Digest, Vol 215, Issue 82
**************************************

I want to get from the first box above to the 2nd box above.
I expect the answer is to use something (GPG, PGP, or whatever) using keys supplied in the e-mail header, but it's not clear to me what to use and what the keys are.

I know this is not directly related to LM, but I thought I would ask anyway.

Re: Decrypt a Thunderbird EML File

Post by JoeFootball »

mikeflan wrote: I expect the answer is to use something (GPG, PGP, or whatever) using keys supplied in the e-mail header, but it's not clear to me what to use and what the keys are.
If I remember correctly, .eml files are just MIME Base 64 encoded.

Re: Decrypt a Thunderbird EML File

Post by mikeflan »

Thanks for the response. It's going to take me a while to research this.
85% of my EML files are perfectly readable with a text editor. But 15% looked like the random characters I posted. I think they are encrypted e-mails that TB can read fine, but they don't show works in a text editor.

Re: Decrypt a Thunderbird EML File

Post by JoeFootball »

mikeflan wrote: But 15% looked like the random characters I posted. I think they are encrypted e-mails that TB can read fine, but they don't show works in a text editor.
Not encrypted, as the random characters are just MIME Base 64 encoded. For example: base64 -d EncodedData.txt

Re: Decrypt a Thunderbird EML File

Post by mikeflan »

Wow, you're a genius :D Worked great.
Collectively we have a lot of good knowledge on this list.

Without looking at the standards, it appears messages with this on a single line:
Content-Transfer-Encoding: base64
need the command you give to be readable.

E-mails that are generally readable have:
Content-Transfer-Encoding: 7bit
or
Content-Transfer-Encoding: quoted-printable

Most have quoted-printable and I think all HTML e-mails have quoted-printable.

There could be others that I have not found yet.
E-mails that have multiple E-mails included (like lists) often have a Content-Transfer-Encoding: for each e-mail, but they tend to be the same encoding.

I really appreciate your help.

Now I have to decide if I am going to mass-convert my TB mailboxes to undo the base64 encoding so that grepmail will see the contents. The ideal solution would be for grepmail to automatically see the base64 encoded e-mails, but that is apparently not the case.

Re: Decrypt a Thunderbird EML File

Post by JoeFootball »

mikeflan wrote: Wow, you're a genius
Thank you, but hardly. I just remember (sometimes correctly) random bits from the past.
mikeflan wrote: Collectively we have a lot of good knowledge on this list.
I wholeheartedly agree.
mikeflan wrote: E-mails that have multiple E-mails included (like lists) often have a Content-Transfer-Encoding: for each e-mail, but they tend to be the same encoding.
Or attachments, embedded images, or any aspect of non-ASCII character. It's my recollection that when you send any email (via TB or not), you're just sending plain ASCII text, hence all other elements must be encoded. I'm sure there's a resource on the internet that articulates all this far better than I could.
mikeflan wrote: I really appreciate your help.
You're welcome.
mikeflan wrote: Now I have to decide if I am going to mass-convert my TB mailboxes to undo the base64 encoding ...
I'll bet you're not the first person to attempt this. I'd poke around Stack Overflow or otherwise for ideas.

Re: Decrypt a Thunderbird EML File

Post by dave0808 »

mikeflan wrote: Mon Jan 24, 2022 6:29 am Now I have to decide if I am going to mass-convert my TB mailboxes to undo the base64 encoding so that grepmail will see the contents.
You'll just need to be careful that you don't end up with non-printable characters within the file, which may do unexpected things with programs that are expecting printable characters.

Base64 was intended as a means of converting binary data into text, so that it could be sent over email - think JPEG or GIF images, as just one example. Unfortunately, spammers also use the encoding in order to attempt to bypass rudimentary anti-spam scanning, which could be looking for certain keywords.

In the case of the example you included, the encoding is most likely used to ensure that the mail headers for each of the messages within the digest are not picked up by the mail reader and treated as individual messages. Unless you specifically want this to happen, I would leave the EML file alone to save problems.

I would have expected a program called "grepmail" to be able to handle the main encoding types. Base64 and the ones you've mentioned have been around a looooong time now.

Re: Decrypt a Thunderbird EML File

Post by mikeflan »

I would have expected a program called "grepmail" to be able to handle the main encoding types. Base64 and the ones you've mentioned have been around a looooong time now.
I need to do some more experimenting on this. At first it looked like grepmail did search within the base64 messages, but now it looks like it doesn't see that content.
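
One way to search message contents without rewriting the mailbox, covering the base64 and quoted-printable cases discussed in this thread (an added example, not code posted by any participant): Python's standard `email` module decodes each text part according to its Content-Transfer-Encoding header before matching. The names `decoded_text_parts` and `grep_eml` and the sample message are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample. The base64 line is the first body line of the message
# posted in the thread; the quoted-printable part is made up for illustration.
SAMPLE_EML = b"""\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

U2VuZCB1c2VycyBtYWlsaW5nIGxpc3Qgc3VibWlzc2lvbnMgdG8KCXVzZXJzQGxpc3RzLmZlZG9y
--XX
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

After reboot: hostname=3Dfedora
--XX--
"""


def decoded_text_parts(raw: bytes):
    """Yield (transfer_encoding, text) for every text/* leaf part of a message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).lower()
        payload = part.get_payload(decode=True) or b""  # undoes base64 / QP
        charset = part.get_content_charset() or "utf-8"
        try:
            # errors="replace" keeps undecodable bytes from breaking the search
            text = payload.decode(charset, errors="replace")
        except LookupError:  # unknown charset label in the header
            text = payload.decode("utf-8", errors="replace")
        yield cte, text


def grep_eml(raw: bytes, pattern: str):
    """Return (transfer_encoding, line) for each decoded line matching pattern."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [(cte, line.strip())
            for cte, text in decoded_text_parts(raw)
            for line in text.splitlines() if rx.search(line)]
```

The files on disk are only read, never modified, so the digest headers inside the encoded body stay wrapped as dave0808 recommends.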