> On 12 April 2019 21:45 Robert Kudyba via dovecot <dovecot@dovecot.org> wrote:
>
>
> > You are running some kind of proxy in front of it.
>
> No proxy. Just sendmail with users using emacs/Rmail or Webmail/Squirrelmail.
>
> > If you want it to show real client IP, you need to enable forwarding of
> > said data. With dovecot it's done by setting
> >
> > login_trusted_networks = your-upstream-host-or-net
> >
> > in backend config file.
>
> OK I changed it and restarted wforce and dovecot. Still seeing this:
> Apr 12 14:38:55 auth: Debug: policy(ouruser,127.0.0.1,<6GFTnVmGcMN/AAAB>):
> Policy server request JSON: {"device_id":"","login":"
> ouruser","protocol":"imap","pwhash":"43","remote":"127.0.0.1","success":false,"policy_reject":false,"tls":false}
>
> > For webmails, this requires both login_trusted_networks and also support
> > from the webmail software to forward client IP.
>
> I did get a reply from the Squirrelmail list:
> "Well, I've had code sitting around for a while that implements RFC2971 (ID
> command), so I just committed it. You can use it for this purpose by putting
> something like this into your config/config_local.php
> $imap_id_command_args = array('remote-host' => '###REMOTE ADDRESS###');"
>
> Which I also added previously. But that doesn't address emacs/RMail users.
>
> Could there be a setting in sendmail.mc/cf (http://sendmail.mc/cf) file that
> I'm missing?
Can you verify following?
doveconf auth_policy_request_attributes
auth_policy_request_attributes = login=%{requested_username}
pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
On some versions remote is mistakenly %{real_rip} which expands into where the
connection came from instead of client IP.
If it's wrong just feel free to copypaste the setting above into dovecot config.
Aki
Aki
