Quoting Rodrigo Abrantes Antunes <rodrigoantu...@pelotas.ifsul.edu.br>:
Hi, I'm getting strange logs in my access.log in apache for the horde site: ...GET /static/b169ed96a0dc55b4a76d1a29a1848ae3.css HTTP/1.1" 200 115911 "https://myhordeserver.xxx.xxx/imp/compose-dimp.php?to=20120917130155.horde.rgb1fev4cn9qv0lzuz0n...@myhordeserver.xxx.xxx&popup=1"; "Mozilla/5.0.... It seems that someone is trying to send a message to an account in the server that horde is, but this server has no mail services and this account is very strange 20120917130155.horde.rgb1fev4cn9qv0lzuz0n...@myhordeserver.xxx.xxx
It looks like a Message-ID header from a message sent by Horde/IMP is being interpreted as an e-mail address somewhere in Horde/IMP (That message-ID is of the format created by our Horde_Mime library). This e-mail address is linked to the compose page via the registry compose link call.
It doesn't appear to be anything malicious - looks like we are running the e-mail text search filter on the Message-ID header when we don't need to (maybe in View All Headers in the standard IMP view?) and a user is clicking on that.
michael ___________________________________ Michael Slusarz [slus...@horde.org] -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
