[imp] Strange logs in apache
Michael M Slusarz
slusarz at horde.org
Thu Oct 11 21:24:39 UTC 2012
Quoting Rodrigo Abrantes Antunes <rodrigoantunes at pelotas.ifsul.edu.br>:
> Hi, I'm getting strange logs in my access.log in apache for the horde site:
>
> ...GET /static/b169ed96a0dc55b4a76d1a29a1848ae3.css HTTP/1.1" 200 115911
> "https://myhordeserver.xxx.xxx/imp/compose-dimp.php?to=20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA@myhordeserver.xxx.xxx&popup=1"
> "Mozilla/5.0....
>
> It seems that someone is trying to send a message to an account in the
> server that horde is, but this server has no mail services and this account
> is very strange
> 20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx
It looks like a Message-ID header from a message sent by Horde/IMP is
being interpreted as an e-mail address somewhere in Horde/IMP (That
message-ID is of the format created by our Horde_Mime library). This
e-mail address is linked to the compose page via the registry compose
link call.
It doesn't appear to be anything malicious - looks like we are running
the e-mail text search filter on the Message-ID header when we don't
need to (maybe in View All Headers in the standard IMP view?) and a
user is clicking on that.
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the imp
mailing list