[imp] IMP as an open relay

Christopher Audley audley@cnsolutionsllc.com
Wed, 22 May 2002 19:32:55 -0400


It seems to me, from scanning redirect.php and IMP.php (createSession),
that I can construct a URL to connect any instance of IMP running on the
net to run against any IMAP server.  There is no check to limit the server
specified to those listed in servers.php.  Am I wrong about this?

Now suppose I write a script that listens to a port on the local machine
and emulates an IMAP server, just enough to verify a login.  I do a login
to an IMP machine specifying my local address and port to redirect.php,
and when Horde tries to connect to my local IMAP emulator and log in, I
accept the username/password that I supplied (or any combination for that
matter).  I now have a session on the IMP box, I can send emails by doing
POSTs to compose.php, in effect using the IMP box as an open relay.

Chris
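
The check the message above says is missing, sketched as an added example (not IMP's or Horde's own code, and not part of the original post): server parameters taken from the login request are honoured only when they match a configured entry. The `$servers` array layout, the function name `example_resolve_server` and the host names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical allowlist check, not code from IMP or Horde.
// This array layout is an assumption standing in for what servers.php defines.
$servers = [
    'mail1' => ['server' => 'imap.example.com',  'port' => 143, 'protocol' => 'imap'],
    'mail2' => ['server' => 'imaps.example.com', 'port' => 993, 'protocol' => 'imap/ssl'],
];

/**
 * Return the configured entry matching the request, or null if there is none.
 * The caller connects using the returned entry, never the raw request values.
 */
function example_resolve_server(array $servers, array $request): ?array
{
    foreach (['server', 'port', 'protocol'] as $key) {
        // Reject missing or non-scalar values (e.g. server[]=x in a query string).
        if (!isset($request[$key]) || !is_scalar($request[$key])) {
            return null;
        }
    }
    $port = (string) $request['port'];
    if (!ctype_digit($port)) {
        return null;
    }
    // Host names are case-insensitive and a trailing dot names the same host.
    $host = rtrim(strtolower(trim((string) $request['server'])), '.');
    $protocol = strtolower((string) $request['protocol']);

    foreach ($servers as $entry) {
        if ($host === strtolower($entry['server'])
            && (int) $port === (int) $entry['port']
            && $protocol === strtolower($entry['protocol'])) {
            return $entry;
        }
    }
    return null;
}

// Constructed sample requests (192.0.2.10 is a documentation address).
$samples = [
    ['server' => 'IMAP.example.com.', 'port' => '143',  'protocol' => 'imap'], // listed host, different spelling
    ['server' => '192.0.2.10',        'port' => '1143', 'protocol' => 'imap'], // host not in the list
    ['server' => 'imap.example.com',  'port' => '993',  'protocol' => 'imap'], // listed host, unlisted port
];
foreach ($samples as $request) {
    $entry = example_resolve_server($servers, $request);
    echo $request['server'], ':', $request['port'], ' => ',
        $entry === null ? 'rejected' : 'accepted (' . $entry['server'] . ')', "\n";
}
```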