[imp] Strange logs in apache
Rodrigo Abrantes Antunes
rodrigoantunes at pelotas.ifsul.edu.br
Thu Oct 11 21:35:35 UTC 2012
Citando Michael M Slusarz <slusarz at horde.org>:
> Quoting Rodrigo Abrantes Antunes <rodrigoantunes at pelotas.ifsul.edu.br>:
>> Hi, I'm getting strange logs in my access.log in apache for the horde site:
>>
>> ...GET /static/b169ed96a0dc55b4a76d1a29a1848ae3.css HTTP/1.1" 200 115911
>>
>> "https://myhordeserver.xxx.xxx/imp/compose-dimp.php?to=20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA@myhordeserver.xxx.xxx&popup=1"
>> "Mozilla/5.0....
>>
>> It seems that someone is trying to send a message to an account in the
>> server that horde is, but this server has no mail services and
>> this account
>> is very strange
>> 20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx
> It looks like a Message-ID header from a message sent by Horde/IMP
> is being interpreted as an e-mail address somewhere in Horde/IMP
> (That message-ID is of the format created by our Horde_Mime
> library). This e-mail address is linked to the compose page via the
> registry compose link call.
>
> It doesn't appear to be anything malicious - looks like we are
> running the e-mail text search filter on the Message-ID header when
> we don't need to (maybe in View All Headers in the standard IMP
> view?) and a user is clicking on that.
>
> michael
>
> ___________________________________
> Michael Slusarz [slusarz at horde.org]
>
> --
> imp mailing list
> Frequently Asked Questions: http://wiki.horde.org/FAQTo
> unsubscribe, mail: imp-unsubscribe at lists.horde.org
Well, more strange than this is the fact that I received a spam resport
from AOL saying this:
This is an email abuse report for an email message with the message-id of
20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx[1]received
from IP address xxx.xxx.xxx.xxx on Mon, 17 Sep 2012 12:02:20
-0400 (EDT)
Links:
------
[1] https://webmail.pelotas.ifsul.edu.br/imp/#
More information about the imp
mailing list