GETs to /apps/mail/(api|box) fill access log with 40X codes

My server management scripts monitor the sizes of access log files daily and report to me when they are too large. I do a LOT to keep them small. This is because fail2ban is constantly scanning them to block the IPs of intruders. For these reasons I notice when a lot of strange HTTP codes are being generated.

In this case:

  • GET /apps/mail/api/messages/12345/itineraries => 403
  • /apps/mail/api/messages?mailboxId=211&limit=1&cursor=1663380349 => 409

For me, using my own scripts for Fail2Ban monitoring Nginx logs, returning these codes runs a high risk of my own users getting blocked, so I see this as in fact a real problem.

I am aware that these are virtual addresses and that try_files must therefore be sending them through index.php.

What are the features causing these attempted accesses and how can I turn them off?

Thanks! Tim

I am also having issues with 404 codes from the Mail App. For each message I open, it creates 404s when trying to load avatars (which I thought I disabled).

xhr.js:220 GET https://<my_nextcloud_url>/index.php/apps/mail/api/avatars/url/ 404 (Not Found)