[imp] Unusual outgoing messages
Chuck Hagenbuch
chuck at horde.org
Fri Oct 6 18:40:28 PDT 2006
Quoting "Stephen A. Cochran Lists" <stephen.a.cochran.lists at cahir.net>:
> After some more digging I'm sure now that compose.php is being
> called without authenticating:
>
> Seeing the following in the log files:
>
> Oct 06 13:12:23 HORDE [info] [imp] 80.89.179.109 Message sent to
> frankandpk at freeuk.com
> ...
> frankbeal at aol.com from Aaron D. Solnit [on line 1063 of
> "/var/www/html/mail/horde/imp/compose.php"]
>
> But there was no login from Aaron D. Solnit, who is a valid member
> of our system. Anyone seen this problem or have any suggestions on
> how to close this? Clearly a bad security problem.
I'd like to see the apache access logs that go along with this. Even
_if_ someone is somehow sending mail through compose.php without
authenticating, using compose.php means they're stuck with
Horde-generated headers.
> Note: Second strange thing is despite setting the log file location
> in the admin setup web page to be /var/log/httpd/horde.log, some
> info is still being written to /tmp/horde.log and some is being
> written to /var/log/httpd/horde.log. Also changed the log level to
> info from debug, but both files still show debug output lines. Very
> strange.
That would seem to me to indicate that you're modifying the wrong
Horde installation. Obviously you know your system much better than I
do, but that's the most straightforward answer. Or perhaps you're
using a PHP accelerator that's producing badly broken cached behavior?
-chuck
--
"we are plastered to the windshield of the bus that is time." - Chris
More information about the imp
mailing list