On 12 April 2019 at 22:01 Robert Kudyba via dovecot < dovecot@dovecot.org> wrote:
>On 12 April 2019 21:45 Robert Kudyba via dovecot < dovecot@dovecot.org>wrote:>>You are running some kind of proxy in front of it.No proxy. Just sendmail with users using emacs/Rmail orWebmail/Squirrelmail.>If you want it to show real client IP, you need to enable forwardingof said data. With dovecot it's done by settinglogin_trusted_networks = your-upstream-host-or-netin backend config file.OK I changed it and restarted wforce and dovecot. Still seeing this:Apr 12 14:38:55 auth: Debug:policy(ouruser,127.0.0.1,<6GFTnVmGcMN/AAAB>): Policy server request JSON:{"device_id":"","login":"ouruser","protocol":"imap","pwhash":"43","remote":"127.0.0.1","success":false,"policy_reject":false,"tls":false}>For webmails, this requires both login_trusted_networks and alsosupport from the webmail software to forward client IP.>I did get a reply from the Squirrelmail list:"Well, I've had code sitting around for a while that implements RFC2971(ID command), so I just committed it. You can use it for this purpose byputting something like this into your config/config_local.php$imap_id_command_args = array('remote-host' => '###REMOTE ADDRESS###');"Which I also added previously. But that doesn't address emacs/RMailusers.>Could there be a setting in sendmail.mc/cf (file that I'm missing?Can you verify following?doveconf auth_policy_request_attributesauth_policy_request_attributes = login=%{requested_username}pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%sOn some versions remote is mistakenly %{real_rip} which expands into wherethe connection came from instead of client IP.If it's wrong just feel free to copypaste the setting above into dovecotconfig.
Verified. I believe you told me that on the other thread and I made thatchange a while back.
Fot the webmail array you probably need https://wiki2.dovecot.org/Design/ParameterForwarding so you can configure it correctly.
No idea how to configure sendmail.
---
Aki Tuomi
Aki Tuomi
