base64 encoded string gets truncated through fgets call while parsing IMAP - php
I am parsing emails with Zend_Mail, and strangely some content gets truncated without an obvious reason and malforms the email parts.
For example
Content-Disposition: attachment; filename="file.sdv"
DQogICAgICBTT05FO0xBTkRJTkdTREE7U0FMR1NEQVRPIDtOQVNKIDtSRURTS0FQICAgICAgICAg
ICAgIDsgRklTS0VTTEFHO1BSRVNFUlYgICA7ICBUSUxTVEFORDsgU1TYUlJFTFNFOyAgS1ZBTElU
RVQ7T01TVFlQRSAgO01JTlNURVBSSVM7ICAgICBWRVJESTsgICBLVkFOVFVNOyAgUlVORFZFS1Qg
IA0KLS0tLS0tLS0tLTstLS0tLS0tLS0tOy0tLS0tLS0tLS07LS0tLS07LS0tLS0tLS0tLS0tLS0t
LS0tLS07LS0tLS0tLS0tLTstLS0tLS0tLS0tOy0tLS0tLS0tLS07LS0tLS0tLS0tLTstLS0tLS0t
LS0tOy0tLS0tLS0tLTstLS0tLS0tLS0tOy0tLS0tLS0tLS07LS0tLS0tLS0tLTstLS0tLS0tLS0t
ICANCiAgICAgICAgIDA7MjAxMC4wOS4wODsyMDEwLjA5LjA4O05vcnNrO0dhcm4gICAgICAgICAg
ICAgICAgOyAgICAgIDEwMjE7RkVSU0sgICAgIDsgICAgICAgMjEwOyAgIDQwMjA5OTk7ICAgICAg
ICAyMDtFZ2Vub3ZlcnQ7ICAgICAgICAgIDsgICAzMDcyLDE2OyAgICAgICAyMTE7ICAgICAyNTMs
MiAgDQogICAgICAgICAwOzIwMTAuMDkuMDg7MjAxMC4wOS4wODtOb3JzaztHYXJuICAgICAgICAg
Gets truncated to
Content-Disposition: attachment; filename="file.sdv"
DQogICAgICBTT05FO0xBTkRJTkdTREE7U0FMR1NEQVRPIDtOQVNKIDtSRURTS0FQICAgICAgICAg
ICAgIDsgRklTS0VTTEFHO1BSRVNFUlYgICA7ICBUSUxTVEFORDsgU1TYUlJFTFNFOyAgS1ZBTElU
RVQ7T01TVFlQRSAgO01JTlNURVBSSVM7ICAgICBWRVJESTsgICBLVkFOVFVNOyAgUlVORFZFS1Qg
IA0KLS0tLS0tLS0tLTstLS0tLS0tLS0tOy0tLS0tLS0tLS07LS0tLS07LS0tLS0tLS0tLS0tLS0t
LS0tLS07LS0tLS0tLS0tLTstLS0tLS0tLS0tOy0tLS0tLS0tLS07LS0tLS0tLS0tLTstLS0tLS0t
LS
a var_dump on each line shows this.
string(78) "DQogICAgICBTT05FO0xBTkRJTkdTREE7U0FMR1NEQVRPIDtOQVNKIDtSRURTS0FQICAgICAgICAg
"
string(78) "ICAgIDsgRklTS0VTTEFHO1BSRVNFUlYgICA7ICBUSUxTVEFORDsgU1TYUlJFTFNFOyAgS1ZBTElU
"
string(78) "RVQ7T01TVFlQRSAgO01JTlNURVBSSVM7ICAgICBWRVJESTsgICBLVkFOVFVNOyAgUlVORFZFS1Qg
"
string(78) "IA0KLS0tLS0tLS0tLTstLS0tLS0tLS0tOy0tLS0tLS0tLS07LS0tLS07LS0tLS0tLS0tLS0tLS0t
"
string(78) "LS0tLS07LS0tLS0tLS0tLTstLS0tLS0tLS0tOy0tLS0tLS0tLS07LS0tLS0tLS0tLTstLS0tLS0t
"
string(5) "LS)
"
string(17) "TAG5 OK Success
"
or in other email at
DQogICAgICBTT05FO0xBTkRJTkdTREE7U0FMR1NEQVRPIDtOQVNKIDtSRURTS0FQICAgICAgICAg
ICAgIDsgRklTS0VTTEFHO1BSRVNFUlYgICA7ICBUSUxTVEFORDsgU1TYUlJFTFNFOyAgS1ZBTElU
RVQ7T01TVFlQRSAgO01JTlNURVBSSVM7ICAgICBWRVJESTsgICBLVkFOVFVNOyAgUlVORFZFS1Qg
IA0KLS0tLS0tLS0tLTstLS0tLS0tLS0tOy0tLS0tLS0tLS07LS0tLS07LS0tLS0tLS0tLS0tLS0t
LS0tLS07LS0tLS0tLS0tLTstLS0tLS0tLS0tOy0tLS0tLS0tLS07LS0tLS0tLS0tLTstLS0tLS0t
LS0tOy0tLS0tLS0tLTstLS0tLS0tLS0tO
I cannot figure out why is stopping there. The transmitions should have stoped at the end of the line only. This is the line that gets the string from the IMAP Server.
$line = #fgets($this->_socket);
The encoded text contains a string like, but again this is truncated in various parts in different emails.
----------;----------;----------;-----;--------------------;----------;----------;--
I've tried to add a size to fgets() but to no results.
I also enabled/disabled "auto_detect_line_endings" php_ini setting, again to no result.
I've also opened a bug report with ZF although the error does not seem to be in the library.
Do you see anything strange with this encoded string?
UPDATE
New research shows that the emails get truncated after 584 chars. Still don't know why.
Sent a question to google as well. See here.
A Bad email headers :
Delivered-To: email#removed.com
Received: by 10.216.3.208 with SMTP id 58cs248812weh;
Fri, 20 Nov 2009 05:14:14 -0800 (PST)
Received: by 10.204.153.217 with SMTP id l25mr1285471bkw.108.1258722853863;
Fri, 20 Nov 2009 05:14:13 -0800 (PST)
Return-Path: <>
Received: from MTX4.mbn1.net (mtx4.mbn1.net [213.188.129.252])
by mx.google.com with SMTP id 2si1800716bwz.60.2009.11.20.05.14.12;
Fri, 20 Nov 2009 05:14:13 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of MTX4.mbn1.net designates 213.188.129.252 as permitted sender) client-ip=213.188.129.252;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of MTX4.mbn1.net designates 213.188.129.252 as permitted sender) smtp.mail=
Resent-From: <email#removed.com>
Content-Type: multipart/mixed; boundary="===============1703099044=="
MIME-Version: 1.0
From: <email#removed.com>
To: <email#removed.com>
CC:
Subject: some subject
Message-ID: <FLYNDRElQ080Gxw8Zw500000f46email#removed.com>
X-OriginalArrivalTime: 20 Nov 2009 13:14:08.0121 (UTC) FILETIME=[5792C690:01CA69E3]
Date: Fri, 20 Nov 2009 14:14:08 +0100
X-STA-Metric: 0 (engine=030)
X-STA-NotSpam: tlf: vedlagt skip:__ 40 fil cc:2**0
X-STA-Spam: header:MIME-Version: charset:us-ascii header:Subject:1 to:2**0 header:From:1
X-BTI-AntiSpam: score:0,sta:0/030,dnsbl:passed,sw:off,bsn:38/passed,spf:off,bsctr:passed/1,dk:off,pbmf:none,ipr:0/3,trusted:no,ts:no,bs:no,ubl:passed
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
Resent-Message-Id: <19740416124736.CF5804B33EF632B0email#removed.com>
Resent-Date: Fri, 20 Nov 2009 14:14:11 +0100 (CET)
--===============1703099044==
Content-Type: application/octet-stream
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="file.sdv"
DQpHUlVQUEVOQVZOICAgICAgICAgIDtLSthQRTtQUk9EQU5MO1BBS0tFTlI7TU9UVEFLTkFWTiAg
ICAgICAgICAgICAgICAgICAgO1NPTjtMQU5ESU5HU0RBO1NBTEdTREFUTyA7TkFTSiA7UkVEU0tB
UCAgIDtGSVNLRVNMQUcgO1BSRVNFUlYgICA7VElMU1RBTkQ7U1TYUlJFTFM7S1ZBTElURVQ7TUlO
U1RFUFJJUzsgICAgICAgIFZFUkRJOyAgICAgS1ZBTlRVTTsgICAgUlVORFZFS1QgICAgDQotLS0t
LS0tLS0tLS0tLS0tLS0tLTstLS0tLTstLS0tLS0tOy0tLS0tLS07LS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tOy0tLTstLS0tLS0tLS0tOy0tLS0tLS0tLS07LS0tLS07LS0tLS0tLS0tLTst
LS0tLS0tLS0tOy0tLS0tLS0tLS07LS0tLS0tLS07LS0tLS0tLS07LS0tLS0tLS07LS0tLS0tLS0t
LTstLS0tLS0tLS0tLS0tOy0tLS0tLS0tLS0tLTstLS0tLS0tLS0tLS0gICAgDQpMb3JlbnR6ZW4g
....
For those interested in an answer and not in the (ex) bounty, more clues.
Gmail is returning a short value in response to RFC822.SIZE, which can lead to truncated messages. (They are off by one byte for each header line, apparently not counting two characters for CR/LF.)
I think you're looking in the wrong place.
The imap server gives you the mail message truncated, and then returns its status line TAG5 OK Success.
I don't see how your (/php's) handling of the socket would make a few kb worth of stream disappear, to magically fix the stream right before this status line.
So either the message is truncated by itself (have you verified the message contents through some other way?) or the imap server is just broken.
The first things I would do, are:
find a sufficiently silent environment to put your project, where you can strace -f -s 10240 -p <pid> apache's process to verify the socket interaction (assuming a linux/apache environment)
and/or: use tcpdump, ethereal or equivalent to check what's coming in on the line
My guess is that you will see the exact same truncated strings coming in on the wire. Meaning you can shift your focus to the imap server.
Reassuring yourself that you're looking in the right place can save a lot of time.
1: try removing the # for more verbosity
2: try using http://www.php.net/manual/en/function.fread.php instead of fgets
This might have something to do with the IMAP server, because i see TAG5 OK Success as a response, even if its not supposed to be there.
Have you tried issuing another fgets and see if you get the rest of the data? You may be retrieving a multi-part email which would require multiple requests.
But regardless, you are using functions designed for file access on a network. Usually this works fine, but depending on the network, issues can arise. For example, you can use file_get_contents to retrieve a web page. But if the issue issues a redirect, then it fails. But using curl will be much more successfully.
If you truly want to read the network socket, you should try socket_read. That is designed with the network in mind, like curl.
Do not know Zend and forgot all about PHP but played with MIME and HTTP before (C++).
I suggest you start looking at finding way to add a Content-Length header entry. It gives a hint to the "message decoder/loader" to expect a certain size in the content (message payload). (Not sure if IMAP does that)
In the code above I would try to convince fgets to read a specific amount of expected data from the network. It could be that the data is buffered or not yet sent over the network (async communication) and fgets only reads an internal buffer thus stopping before the whole message was read.
To see if this is the case, send a small message that falls under your "584 breaking point".
Do some network tracing the see if all the data actually flows. (You would probably need to do some local setup)
The code you are referring to is here?
Most likely one of your server hardware is compromised and thus you want to change it completely or just change the RAM modules or Disk-Drives. I've some experience with Web-and-Mail based encoding and I can confirm you that base64 encoded string is very secure. At least it uses a texture mapping algorithm.
Related
Prevent modifying http response headers in Apache
I have ran a security scan in my website and scan report showing security thread in below URL, saying "HTTP header injection vulnerability in REST-style parameter to /catalog/product/view/id" The following URL adding the custom header XSaint:test/planting-a-stake/category/99 in HTTP Response header.(See the last line in Response Header) I tried different solutions but no luck! Can any one suggest me to prevent the modifying HTTP Response header. URL: /catalog/product/view/id/1256/x%0D%0AXSaint:%20test/planting-a-stake/category/99 Response Header: Cache-Control:max-age=2592000 Content-Encoding:gzip Content-Length:253 Content-Type:text/html; charset=iso-8859-1 Date:Fri, 26 May 2017 11:27:12 GMT Expires:Sun, 25 Jun 2017 11:27:12 GMT Location:https://www.xxxxxx.com/catalog/product/view/id/1256/x Server:Apache Vary:Accept-Encoding XSaint:test/planting-a-stake/category/99
HTTP header injection vulnerability is related to someone injecting data in your application that can be used to insert arbitrary headers (see https://www.owasp.org/index.php/HTTP_Response_Splitting). In this specific case, the scanner assume the vulnerability might come from the URI put in the Location header: Location:https://www.xxxxxx.com/catalog/product/view/id/1256/x The need here is to ensure that the data put into this URI cannot embed the line return characters, to quote the OWASP HTTP Response Splitting page: CR (carriage return, also given by %0d or \r) LF (line feed, also given by %0a or \n)
How to prepare an APPEND IMAP Command?
I trying to create a Draft in GMail programatically with PHP. I'm using VivOAuthIMAP library to make an IMAP login with OAuth successfully but the library only support a few commands to fetch data. I want to extend the library to support APPEND command and achieve my purpose: create a Draft. But I'm very lost with this IMAP stuff and I don't know how to build a valid IMAP APPEND command, I'm always getting "A3 BAD Could not parse command error" or "A3 BAD [CLIENTBUG] Too many arguments for command: APPEND". I'm trying to follow RFC2060 example: C: A003 APPEND saved-messages (\Seen) {310} C: Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) C: From: Fred Foobar <foobar#Blurdybloop.COM> C: Subject: afternoon meeting C: To: mooch#owatagu.siam.edu C: Message-Id: <B27397-0100000#Blurdybloop.COM> C: MIME-Version: 1.0 C: Content-Type: TEXT/PLAIN; CHARSET=US-ASCII C: C: Hello Joe, do you think we can meet at 3:30 tomorrow? C: S: A003 OK APPEND completed I think the problem is that I'm not building the multi-line message properly. For example: This works: $this->writeCommannd("A" . $this->codeCounter, "APPEND \"$mailbox\" (\Seen) {$size} \"Subject: hello world\""); But these not (if I add spaces IMAP interprets as new arguments and I get too many arguments). // A3 BAD [CLIENTBUG] Too many arguments for command: APPEND $this->writeCommannd("A" . $this->codeCounter, "APPEND \"$mailbox\" (\Seen) {$size} \"Subject: hello world\" \"To: myemail#email.com\""); // A3 BAD Could not parse command $this->writeCommannd("A" . $this->codeCounter, "APPEND \"$mailbox\" (\Seen) {$size} \"Subject: hello world\"\r\n\"To: myemail#email.com\"");
Two things: You need a CRLF after the size. The body is not part of the command. You need to wait for the server to tell you to proceed after the size, unless the server supports the LITERAL+ extension. Sample dialog: C: A01 APPEND INBOX {100}\r\n S: + go ahead\r\n C: {message here} With LITERAL+ extension: C: A01 APPEND INBOX {100+}\r\n C: {message here}
unicode is wrong when get file from server
I wanna download this link from google which mage txt file by php. when I do it by browser,the unicode is correct and all things are right,but when I do it by curl or file_get_content it contain bad alphabets. what is difference and how should I solve it? downloaded by brower [[["سلام","hello","",""]],[["interjection",["سلام","هالو","الو"],[["سلام",["hello","hi","aloha","all hail"]],["هالو",["hallo","hello","halloo"]],["الو",["hello"]]]]],"en",,[["سلام",[5],0,0,1000,0,1,0]],[["hello",4,,,""],["hello",5,[["سلام",1000,0,0],["خوش",0,0,0],["میهمان گرامی",0,0,0],["خوش آمدید",0,0,0],["درود کاربر",0,0,0]],[[0,5]],"hello"]],,,[["en"]],65] download by following php script: <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> <?php $t = file_get_contents("http://translate.google.com/translate_a/t?client=t&hl=en&sl=auto&tl=fa&multires=1&prev=btn&ssel=0&tsel=3&uptl=fa&alttl=en&sc=1&text=hello"); $f = fopen("t.txt", "w+"); fwrite($f, $t); fclose($f); ?> </body></html> [[["ÓáÇã","hello","",""]],[["interjection",["ÓáÇã","åÇáæ","Çáæ"],[["ÓáÇã",["hello","hi","aloha","all hail"]],["åÇáæ",["hallo","hello","halloo"]],["Çáæ",["hello"]]]]],"en",,[["ÓáÇã",[5],0,0,1000,0,1,0]],[["hello",4,,,""],["hello",5,[["ÓáÇã",1000,0,0],["ÎæÔ",0,0,0],["ã\u06CCåãÇä ÑÇã\u06CC",0,0,0],["ÎæÔ ÂãÏ\u06CCÏ",0,0,0],["ÏÑæÏ ÇÑÈÑ",0,0,0]],[[0,5]],"hello"]],,,[["en"]],4] Header: Header are: HTTP/1.1 200 OK Pragma: no-cache Date: Fri, 25 May 2012 22:29:12 GMT Expires: Fri, 25 May 2012 22:29:12 GMT Cache-Control: private, max-age=600 Content-Type: text/javascript; charset=UTF-8 Content-Language: fa Set-Cookie: PREF=ID=b6c08a0545f50594:TM=1337984952:LM=1337984952:S=Sf1xcow2qPZrFeu0; expires=Sun, 25-May-2014 22:29:12 GMT; path=/; domain=.google.com X-Content-Type-Options: nosniff Content-Disposition: attachment Server: HTTP server (unknown) X-XSS-Protection: 1; mode=block Transfer-Encoding: chunked
Add parameters ie=UTF-8 and oe=UTF-8 to query string of the url: $t = file_get_contents("http://translate.google.com/translate_a/t?ie=UTF-8&oe=UTF-8&client=t&hl=en&sl=auto&tl=fa&multires=1&prev=btn&ssel=0&tsel=3&uptl=fa&alttl=en&sc=1&text=hello");
This worked for me once, as I was about to throw lots of code to the garbage! Maybe it will help you too iconv( 'CP1252', 'UTF-8', $string);
echoing what you get from file_get_contents into the PHP output should work fine, as you are going from a UTF-8 JSON response to a UTF-8 HTML response. Works for me off the given URL. When you store to a file, you then have to worry about what encoding the tools you are using to read the file are working in. Just fwriteing is fine as long as the text editor you view it in knows the output is UTF-8. On Windows, Notepad may instead try to read it in the locale-dependent default ('ANSI') codepage, which won't be UTF-8. On a Western European install it'd be code page 1252 and you'd get output like سلام for سلام. (One way around that is to put a UTF-8 fake-BOM at the front of the file with fwrite($f, "\xef\xbb\xbf");. This is a bit dodgy because UTF-8 doesn't need a Byte Order Mark (its byte order is fixed) and it breaks UTF-8's ASCII-compatibility, but Windows tools like fake-BOMs. The other way around it is to get a better text editor that allows you to default to handling files as UTF-8.) You've got something slightly different here, as ÓáÇã is what you get when you save سلام in the Windows default Arabic encoding (code page 1256) and then read it in the Windows default Western encoding (code page 1252). This implies there's some kind of extra store-and-load step involved in your testing, that's messing up the encoding. If it's anything to do with Windows command line tools you might as well give up, because the Command Prompt and MSVCRT apps don't really play well with Unicode at all.
Email header is "malformed" when using sendmail command from php. Why?
I'm having trouble with a sendmail command. I'm pulling the values out of a database call, and they look good. The mail command looks like this: sendmail(urldecode($row['tracker']),urldecode($row['recipient']),urldecode($row['docurl']),urldecode($row['last_accessed'])); function sendmail($vtracker,$vrecip,$vrawurl,$viewed){ $to = $vtracker; $subject = $vrecip . " has viewed the presentation you sent them.</br>"; $body= "Full document url: " . $vrawurl . "<br/>". "Time and Date Viewed: :" .$viewed ; if (!mail($to, $subject, $body)) { echo("<p>Message delivery failed...</p>"); } } I echoed all the variables and they look ok: $vtracker: Bob ; $vrecip : gregmcg#yahoo.com ; $vrawurl : https://docs.google.com/a/advetel.com/present/edit?id=0Ac_KwUsBMiw8ZGN2Z3N3cDlfMTc3c2Jubng0Z2Q ; $viewed : Mon, 20 Feb 2012 10:36:22 CST ; I'm getting an error (retrieved from the error log on the server) that looks like this. [error] [client 66.249.68.23] File does not exist: /var/chroot/home/content/m/3/s/m3sglobal/html/broadband/missing.html [Tue Feb 21 20:17:15 2012] [error] [client 70.113.8.83] Failed loading /usr/local/zo/4_3/ZendOptimizer.so: /usr/local/zo/4_3/ZendOptimizer.so: undefined symbol: empty_string [Tue Feb 21 20:17:17 2012] [error] [client 70.113.8.83] malformed header from script. Bad header=/home/content/m/3/s/m3sglobal/: Nitrofill_Presentation.php Why is the header "malformed"?
I think it wouldn't hurt to spend a bit more time with RFC 2822. Your to field is populated with Bob. That it not a legal address. The format of valid email addresses is quite complicated but these days, addresses generally are of the form localpart#domain. (Older formats that allowed delivery to UUCP addresses via % username specifiers or ! bang-paths are often not supported; further, username#[<ip address>] may or may not be supported on different servers or configurations. In general, there must be an # in an email address to separate the local part from the domain.) You also appear to be using user-supplied data without any confirmation that it isn't performing header injection attacks. (See also the suhosin project's documentation about suhosin.mail.protect.) Your subject field includes a </br>, which is pointless, since the Subject: header is interpreted as plain text. This field also appears to be using raw data supplied by the database. The message body also includes the </br>, which is pointless, since your message does not include any MIME markup to indicate the presence of text/html content.
Gmail IMAP E-mail Content Garbled
I have a custom web based contact management system that we built in PHP to track contacts and recently starting checking our Google e-mail box using IMAP and then, if that contact is in our contact management system: Copying the message into a MySQL database table that's associated with that contact Marking that contact to follow up with that day Archiving the message in Gmail Everything seems to be working great, EXCEPT... every so many emails we get a really garbled message that looks like this: FABRRRQAUUUUAJXDjxZrUtzNFa2UMwjYj5YnYgZ74Ndwa4bwfzqmpH3/wDZjTcl CnKdr2Fa7SJP+Ek8S/8AQJX/AMB5P8aZN4s162j33GmxxrnG54XUfqa6ysHxp/yA/wDtqv8AWuej jFUqKDgtSpQsr3L13r4tPDcOoShBcTxgog6FiP5CsrwtpjuzavekvcTZKFuwPf8AH+VZOlwS+Iby 1jlBFnZRKhGeDjt9Sf0Fd0qhVCqAABgA I go back and check the message and it appears to be only text, so I don't think it is an image. Any idea how to prevent that? Thanks in advance. Sincerely, James
The example you provided looks like it is base64 encoded. The headers of the email message will tell you how to handle the content of the email message. For example, the following defines an email message where the body is plain text, but it is stored as being base64 encoded. I have "x"ed out the privacy sensitive information. Received: from xxxxxxxxx ([xxx.xx.xx.xxx]) by xxxxxxxxxx.xxx.xxxxxxxxxxxxxxx.xxx with Microsoft SMTPSVC(6.0.3790.3959); Wed, 29 Apr 2009 21:29:16 +0000 Received: from xxxx-xxx-xxxxxx ([xxx.xx.xxx.xxxx]) by xxxxxxxx ; Wed, 29 Apr 2009 15:29:16 -0600 Message-ID: <AADB29A7-AAED-4068-B4A8-300E3B0D93AB#localhost> MIME-Version: 1.0 From: xxxxxxxxxx#xxxxxxxxxxxxxxx.com To: xxxxxxxxxx#xxxxxxxxxxxxxxx.com Date: 29 Apr 2009 15:29:16 -0600 Subject: xxxx Account Update Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: base64 Return-Path: xxxxxx#xxxxxxxx.com X-OriginalArrivalTime: 29 Apr 2009 21:29:16.0374 (UTC) FILETIME=[8C63AF60:01C9C911] Pay close attention to the Content-Type and Content-Transfer-Encoding headers.
I believe the IMAP is over SSL, so it might be the connection to IMAP that gets out of sync. The best solution I have for that is just check to see if the body contains a really long word. Since that garble has no spaces: <?php function wordlength($txt, $limit) { $words = explode(' ', $txt); foreach($words as $v) { if(strlen($v) > $limit) { return false; } } return true; } ?> Usage: <?php $txt = "Message Body would be here"; if(!wordlength($txt, 45)) { //maybe try to pull the message again or //send an email to you telling you there is a problem } ?> I picked 45 just in case some uses the word Pneumonoultramicroscopicsilicovolcanoconiosis in an email. :D Jordan might be right though. It may just be base64 encoded. I would just explode() the headers then and search for that and if it's there, a simple base64_decode() will do the trick.
This helped me with a garbled e-mail subject. http://php.net/manual/en/function.imap-header.php