Well, as I said, it's up to squirrelmail to actually provide the real client IP. Otherwise dovecot cannot know it. You can try turning on imap rawlogs (see https://wiki.dovecot.org/Debugging/Rawlog <https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.dovecot.org_Debugging_Rawlog&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=tsGwDRgUrhwnh5KZlvG0kkoKFHTZ10ZLURcHI6mywak&s=23MOSSu15fdwptssjVJVkZk1TuC_hg3QMy5t_8nLFmw&e=>) and check if squirrelmail is forwarding client ip or not.
I added:to /etc/dovecot/conf.d/10-master.conf
service postlogin { executable = script-login -d rawlog unix_listener postlogin { } }
restarted Dovecot and wforce only seeing this, which shows the loopback address:
*Mar 29 10:10:51 imap-login: Info: Login: user=<ouruser>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=10385, secured, session=<8KTTPDyFVIh/AAAB>* Mar 29 10:10:51 imap(ouruser)<10385><8KTTPDyFVIh/AAAB>: Info: Connection closed (UID FETCH finished 0.030 secs ago) in=308 out=27743 deleted=0 expunged=0 trashed=0 hdr_count=50 hdr_bytes=10263 body_count=0 body_bytes=0 Mar 29 10:10:51 auth: Debug: auth client connected (pid=10389) Mar 29 10:10:51 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=2MwBPTyFWoh/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=34906 resp=<hidden> Mar 29 10:10:51 auth: Debug: policy(ouruser,127.0.0.1,<2MwBPTyFWoh/AAAB>): Policy request https://ourdomain:8084/?command=allow Mar 29 10:10:51 auth: Debug: policy(ouruser,127.0.0.1,<2MwBPTyFWoh/AAAB>): Policy server request JSON: {"device_id":"","login":"ouruser","protocol":"imap","pwhash":"68","remote":"127.0.0.1","tls":false} Mar 29 10:10:51 auth: Debug: http-client: peer ip.of.se.vr:8084 (shared): Peer reused Mar 29 10:10:51 auth: Debug: http-client[1]: queue https://ourdomain:8084: Setting up connection to ip.of.se.vr:8084 (SSL=ourdomain) (2 requests pending) Mar 29 10:10:51 auth: Debug: http-client[1]: request [Req7: POST https://ourdomain:8084/?command=allow]: Submitted (requests left=2) Mar 29 10:10:51 auth: Debug: http-client[1]: peer ip.of.se.vr:8084: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0) Mar 29 10:10:52 auth: Debug: http-client: peer ip.of.se.vr:8084 (shared): Backoff timer expired Mar 29 10:10:52 auth: Debug: http-client[1]: peer ip.of.se.vr:8084: Making new connection 1 of 1 (0 connections exist, 0 pending) Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: HTTPS connection created (1 parallel connections exist) Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: Connected Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: Starting SSL handshake Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: SSL handshake to ip.of.se.vr:8084 failed: Connection closed Mar 29 10:10:52 auth: Debug: http-client[1]: peer ip.of.se.vr:8084: Connection failed (1 connections exist, 0 pending) Mar 29 10:10:52 auth: Debug: http-client: peer ip.of.se.vr:8084: Failed to make connection (1 connections exist, 0 pending) Mar 29 10:10:52 auth: Debug: http-client[1]: peer ip.of.se.vr:8084: Failed to establish any connection within our peer pool: SSL handshake to ip.of.se.vr:8084 failed: Connection closed (1 connections exist, 0 pending) Mar 29 10:10:52 auth: Debug: http-client[1]: queue https://ourdomain:8084: Failed to set up connection to ip.of.se.vr:8084 (SSL=ourdomain): SSL handshake to ip.of.se.vr:8084 failed: Connection closed (1 peers pending, 2 requests pending) Mar 29 10:10:52 auth: Debug: http-client: peer ip.of.se.vr:8084 (shared): Peer reused Mar 29 10:10:52 auth: Debug: http-client[1]: queue https://ourdomain:8084: Setting up connection to ip.of.se.vr:8084 (SSL=ourdomain) (2 requests pending) Mar 29 10:10:52 auth: Debug: http-client[1]: queue https://ourdomain:8084: Started new connection to ip.of.se.vr:8084 (SSL=ourdomain) Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: Connection close Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: Connection disconnect Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: Detached peer Mar 29 10:10:52 auth: Debug: http-client[1]: conn ip.of.se.vr:8084 [6]: Connection destroy Mar 29 10:10:52 auth: Debug: http-client[1]: peer ip.of.se.vr:8084: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0) Mar 29 10:10:52 auth: Debug: http-client: peer ip.of.se.vr:8084 (shared): Starting backoff timer for 6400 msecs Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: Timeout (now: 2019-03-29 10:10:53.503) Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: Absolute timeout expired for request [Req6: POST https://ourdomain:8084/?command=report] (Request queued 2.001 secs ago, not yet sent, 0.000 in other ioloops) Mar 29 10:10:53 auth: Debug: http-client[1]: request [Req6: POST https://ourdomain:8084/?command=report]: Error: 9008 Absolute request timeout expired (Request queued 2.001 secs ago, not yet sent, 0.000 in other ioloops) Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: Dropping request [Req6: POST https://ourdomain:8084/?command=report] Mar 29 10:10:53 auth: Error: policy(ouruser,127.0.0.1,<8KTTPDyFVIh/AAAB>): Policy server HTTP error: Absolute request timeout expired (Request queued 2.001 secs ago, not yet sent, 0.000 in other ioloops) Mar 29 10:10:53 auth: Debug: http-client[1]: request [Req6: POST https://ourdomain:8084/?command=report]: Destroy (requests left=2) Mar 29 10:10:53 auth: Debug: http-client[1]: request [Req6: POST https://ourdomain:8084/?command=report]: Free (requests left=1) Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: New timeout Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: Set request timeout to 2019-03-29 10:10:53.613 (now: 2019-03-29 10:10:53.503) Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: Timeout (now: 2019-03-29 10:10:53.613) Mar 29 10:10:53 auth: Debug: http-client[1]: queue https://ourdomain:8084: Absolute timeout expired for request [Req7: POST https://ourdomain:8084/?command=allow] (Request queued 2.000 secs ago, not yet sent, 0.000 in other ioloops)
What feature or setting would I be looking for in Squirrelmail to change to wforce?