Quoting Duane Zimmer <[email protected]>:

> Hey all,
>
> I have two error messages on two different servers. I am using Horde 3.3 and IMP 4.3 on Linux Gentoo servers. Originally someone found a way to send messages using the compose.php script, and they used my two domains as relays via IMP. I updated to the current versions above, but on the one server they are still able to send through, but I have enabled policyd and limited sending from my webmail and I am blocking senders. I base my blocking on the Apache access log:
>
> 196.3.183.72 - - [26/Mar/2009:09:19:21 -0600] "GET /horde/imp/compose.php?mailbox=INBOX&uniq=1238080491000 HTTP/1.1" 200 6305

This has appeared on the mailing list numerous times. There is no security issue in IMP. This can only happen if the attacker has obtained a username/password to log in as. Newer versions of IMP have rate limiting for senders to work around this issue.

> After the upgrade on the other server I have a
>
> PHP Notice: Undefined variable: editor in /var/www/localhost/htdocs/horde/imp/lib/UI/Compose.php

This is a config file issue. Or the (extremely) rare case where 'tinymce' was previously your default jseditor (it was removed in later releases).

michael

--
___________________________________
Michael Slusarz [[email protected]]

--
IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: [email protected]
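
Added example (not part of the original thread and not Horde/IMP code): a sketch of the access-log check the original poster describes, counting compose.php requests per client IP in a sliding window and flagging addresses over a threshold. The threshold, the window and the sample log lines are constructed assumptions; the line format and path follow the entry quoted above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common log format, as in the entry quoted in the thread.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
COMPOSE_PATH = "/horde/imp/compose.php"  # path taken from the quoted log line

def flag_compose_abuse(lines, max_hits=3, window=timedelta(minutes=1)):
    """Return {ip: peak_hits} for clients that exceed max_hits compose.php
    requests inside any sliding window. Both thresholds are assumed values."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line
        if m["path"].split("?", 1)[0] != COMPOSE_PATH or m["status"] != "200":
            continue  # not a successful compose.php request
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop hits older than the window
            q.popleft()
        if len(q) > max_hits:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Mar/2009:09:05:00 -0600] "GET /horde/imp/compose.php?mailbox=INBOX HTTP/1.1" 200 6305',
    '198.51.100.7 - - [26/Mar/2009:09:15:00 -0600] "GET /horde/imp/compose.php?mailbox=INBOX HTTP/1.1" 200 6305',
] + [
    f'192.0.2.10 - - [26/Mar/2009:09:19:{s:02d} -0600] "POST /horde/imp/compose.php HTTP/1.1" 200 6305'
    for s in (1, 9, 17, 25, 33)
] + [
    '192.0.2.10 - - [26/Mar/2009:09:19:40 -0600] "GET /horde/imp/mailbox.php HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for ip, hits in flag_compose_abuse(SAMPLE_LOG).items():
        print(f"{ip}: {hits} compose.php requests within one minute")
```

A flagged address identifies a session to investigate. As the reply states, sending requires a valid login, so the account behind it needs its password reset in addition to any IP block.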
