[imp] Strange logs in apache

Thu Oct 11 21:41:28 UTC 2012

Citando Michael M Slusarz <slusarz at horde.org>:
> Quoting Rodrigo Abrantes Antunes <rodrigoantunes at pelotas.ifsul.edu.br>:
>> Hi, I'm getting strange logs in my access.log in apache for the horde site:
>>
>>    ...GET /static/b169ed96a0dc55b4a76d1a29a1848ae3.css HTTP/1.1" 200 115911
>>     
>> "https://myhordeserver.xxx.xxx/imp/compose-dimp.php?to=20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA@myhordeserver.xxx.xxx&popup=1"
>>    "Mozilla/5.0....
>>
>>    It seems that someone is trying to send a message to an account in the
>>    server that horde is, but this server has no mail services and  
>> this account
>>    is very strange
>> 20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx
>   It looks like a Message-ID header from a message sent by Horde/IMP  
> is being interpreted as an e-mail address somewhere in Horde/IMP  
> (That message-ID is of the format created by our Horde_Mime  
> library).  This e-mail address is linked to the compose page via the  
> registry compose link call.
>
>   It doesn't appear to be anything malicious - looks like we are  
> running the e-mail text search filter on the Message-ID header when  
> we don't need to (maybe in View All Headers in the standard IMP  
> view?) and a user is clicking on that.
>
>   michael
>
>   ___________________________________
>   Michael Slusarz [slusarz at horde.org]
>
>   --
>   imp mailing list
>   Frequently Asked Questions: http://wiki.horde.org/FAQTo  
> unsubscribe, mail: imp-unsubscribe at lists.horde.org

More logs in my mail server, not the one where horde is:

mail.log.2:Sep 17 13:02:03 mymailserver postfix/smtp[7196]: 92481216C7:
to=<MDRatcliff at hotmail.com>, relay=mx4.hotmail.com[65.55.92.152]:25,
delay=2.2, delays=0.13/0.2/0.5/1.4, dsn=2.0.0, status=sent (250 
<20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx>
Queued mail for delivery)
mail.log.2:Sep 17 13:02:03 mymailserver postfix/smtp[7196]: 92481216C7:
to=<a2zgram at hotmail.com>, relay=mx4.hotmail.com[65.55.92.152]:25,
delay=2.2, delays=0.13/0.2/0.5/1.4, dsn=2.0.0, status=sent (250 
<20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx>
Queued mail for delivery)
mail.log.2:Sep 17 13:02:03 mymailserver postfix/smtp[7196]: 92481216C7:
to=<craigspecker at hotmail.com>, relay=mx4.hotmail.com[65.55.92.152]:25,
delay=2.2, delays=0.13/0.2/0.5/1.4, dsn=2.0.0, status=sent (250 
<20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx>
Queued mail for delivery)
mail.log.2:Sep 17 13:02:03 mymailserver postfix/smtp[7196]: 92481216C7:
to=<gwen.lisa at hotmail.com>, relay=mx4.hotmail.com[65.55.92.152]:25,
delay=2.2, delays=0.13/0.2/0.5/1.4, dsn=2.0.0, status=sent (250 
<20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx>
Queued mail for delivery)
mail.log.2:Sep 17 13:02:08 mymailserver postfix/smtp[7193]: 92481216C7:
to=<buckley01 at msn.com>, relay=mx4.hotmail.com[65.55.92.136]:25, delay=6.8,
delays=0.13/2.5/0.74/3.4, dsn=2.0.0, status=sent (250 
<20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx>
Queued mail for delivery)
mail.log.2:Sep 17 13:02:08 mymailserver postfix/smtp[7193]: 92481216C7:
to=<haljrat at msn.com>, relay=mx4.hotmail.com[65.55.92.136]:25, delay=6.8,
delays=0.13/2.5/0.74/3.4, dsn=2.0.0, status=sent (250 
<20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx>
Queued mail for delivery)
mail.log.2:Sep 17 13:02:08 mymailserver postfix/smtp[7193]: 92481216C7:
to=<james.taylor78 at msn.com>, relay=mx4.hotmail.com[65.55.92.136]:25,
delay=6.8, delays=0.13/2.5/0.74/3.4, dsn=2.0.0, status=sent (250 
<20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx>
Queued mail for delivery)
mail.log.2:Sep 17 13:02:08 mymailserver postfix/smtp[7193]: 92481216C7:
to=<jimmyjg2 at msn.com>, relay=mx4.hotmail.com[65.55.92.136]:25, delay=6.8,
delays=0.13/2.5/0.74/3.4, dsn=2.0.0, status=sent (250 
<20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx>
Queued mail for delivery)
mail.log.2:Sep 17 13:02:08 mymailserver postfix/smtp[7193]: 92481216C7:
to=<lgtk_50 at msn.com>, relay=mx4.hotmail.com[65.55.92.136]:25, delay=6.8,
delays=0.13/2.5/0.74/3.4, dsn=2.0.0, status=sent (250 
<20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx>
Queued mail for delivery)
mail.log.2:Sep 17 13:02:08 mymailserver postfix/smtp[7193]: 92481216C7:
to=<mardeck at msn.com>, relay=mx4.hotmail.com[65.55.92.136]:25, delay=6.8,
delays=0.13/2.5/0.74/3.4, dsn=2.0.0, status=sent (250 
<20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx>
Queued mail for delivery)
mail.log.2:Sep 17 13:02:08 mymailserver postfix/smtp[7193]: 92481216C7:
to=<sswinshaw at msn.com>, relay=mx4.hotmail.com[65.55.92.136]:25, delay=6.8,
delays=0.13/2.5/0.74/3.4, dsn=2.0.0, status=sent (250 
<20120917130155.Horde.Rgb1fEv4Cn9QV0lzuz0nzRA at myhordeserver.xxx.xxx>
Queued mail for delivery)