On 07/12/2020 23:09, Adi Pircalabu wrote:
> On 08-12-2020 3:13, John Fawcett wrote:
>> On 07/12/2020 06:02, Adi Pircalabu wrote:
>>> Hi,
>>>
>>> I have a Dovecot proxy setup with several proxy machines (currently
>>> running 2.3.11.3) in front of the real Dovecot servers (2.3.10.1)
>>> storing the mailboxes. "doveconf -a | egrep lip" returns:
>>> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
>>> %c session=<%{session}>
>>>
>>> In the real server maillog I'm expecting to have "lip" replaced with
>>> the IP address of the proxy. It works as expected for imap-login
>>> processes, however for pop3-login processes I still see the real
>>> server IP instead of the proxy IP. Ideas?
>>>
>>> Regards,
>>>
>> Hi Adi
>>
>> In general people want to get the original ip not the proxied ip. The
>> proxying of the original ip is done by a different method for imap
>> and pop3.
>>
>> https://wiki.dovecot.org/Design/ParameterForwarding
>>
>> However, unless I'm reading this wrongly, both methods are affected by
>> trusted_networks settings. I guess for people to help further, you'd
>> need to give more info on your configuration settings.
>
> Thanks John. login_trusted_networks, if this is the setting you're
> referring to, lists the proxy IPs. I'd have thought, by having this
> setting on the real servers, the proxy IP will be logged by both IMAP
> and POP3 login processes, but it appears it isn't the case. It works
> for IMAP, not for POP3.
> The reason I need the proxy IP in the "lip" instead of the local IP in
> the real server mail log is that I need to filter certain connections,
> both IMAP and POP3, that are coming directly into the real server IP.
> By capturing the IMAP & POP3 traffic on the real servers and matching
> the results to the mail log entries I *should* be able to tell what
> mail accounts from which remote IP addresses are coming in via the
> proxies and which ones are coming into the real servers directly. Hope
> that makes sense.
>
> Cheers,
>

The way I read it is that by specifying login_trusted_networks the proxy ip can be overwritten by the real ip. I think that's the opposite of what you need.

I can't throw any light on why that is not working for imap but is working for pop3. But as you don't want the overwriting, maybe you should try without login_trusted_networks.

John
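
Added example (not part of the thread, and not Dovecot code): the log matching Adi describes, classifying backend login lines by their "lip" field. The IP addresses and log lines are constructed, the comma-separated line layout is an assumption, and POP3 lines carrying the backend IP are marked ambiguous because, per the report above, they look the same whether or not they came through a proxy.

```python
import ipaddress
import re

# Constructed addresses (assumptions): the proxies and the backend's own IP.
PROXY_IPS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11")}
BACKEND_IP = ipaddress.ip_address("198.51.100.5")

# Login lines written with the login_log_format_elements quoted in the thread.
LOGIN_RE = re.compile(
    r"(?P<proto>imap|pop3)-login: Login: user=<(?P<user>[^>]*)>.*?"
    r"\brip=(?P<rip>[0-9A-Fa-f:.]+).*?\blip=(?P<lip>[0-9A-Fa-f:.]+)"
)

# Constructed sample of a backend mail log.
SAMPLE_LOG = """\
Dec  8 10:00:01 mail1 dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, mpid=4101, TLS, session=<aaa1>
Dec  8 10:00:05 mail1 dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=203.0.113.9, lip=198.51.100.5, mpid=4102, TLS, session=<bbb2>
Dec  8 10:00:09 mail1 dovecot: pop3-login: Login: user=<carol>, method=PLAIN, rip=203.0.113.20, lip=198.51.100.5, mpid=4103, TLS, session=<ccc3>
Dec  8 10:00:12 mail1 dovecot: imap(alice): Logged out in=50 out=1024
"""


def classify(line):
    """Return (proto, user, rip, verdict) for a login line, else None."""
    m = LOGIN_RE.search(line)
    if not m:
        return None
    try:
        rip = ipaddress.ip_address(m["rip"])
        lip = ipaddress.ip_address(m["lip"])
    except ValueError:
        return None  # malformed address field, do not guess
    if lip in PROXY_IPS:
        verdict = "proxied"
    elif lip != BACKEND_IP:
        verdict = "unknown"
    elif m["proto"] == "imap":
        verdict = "direct"
    else:
        # pop3 showed the backend IP even via the proxy in the report above
        verdict = "ambiguous"
    return m["proto"], m["user"], str(rip), verdict


def summarize(log_text):
    """Classify every login line in a log, skipping everything else."""
    return [r for r in map(classify, log_text.splitlines()) if r]
```

The "ambiguous" rows are the ones that still need the packet capture Adi mentions to decide whether they came through a proxy.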