2 Aug
2013
2 Aug
'13
7:01 a.m.
On 8/1/2013 8:41 PM, pvsuja wrote:
Hi,
I am also facing the same problem. When dovecot is accessed through a web mail, the rip is logged as 127.0.0.1 (localhost).
/Aug 1 16:28:04 mailspace dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<suja>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<XllGt+DiPQB/AAAB>/
So I am also unable to configure fail2ban with dovecot. Is there a way we can log the actual remote IP ?
Dovecot has no way of determining the remote IP when a proxy is the system making the connection, which is what is happening. Your webmail is the proxy in this case.
Have fail2ban scan your web server logs, not the mail logs.
Dem