[Dovecot] login_trusted_networks from webmail ?
I'd like to get the IP-address of the webmail client logged in my maillog (for being compliant with coming data retention policies). I've noticed that with login_trusted_networks pointing at my dovecot directors, we get rip=client-ip logged on the backends. How is the proxy providing this to the dovecot backends? Anybody know what magic we need to implement in our webmail-solution to be able to forward the webmail-client-ip and have it logged as rip= in dovecot?
I believe it will be enough to have it logged as rip= on the directors, maybe not needed to be forwarded all the way to the backends (but that would be nice as well).
-jf
On 3.7.2013, at 23.29, Jan-Frode Myklebust <janfrode@tanso.net> wrote:
> I'd like to get the IP-address of the webmail client logged in my maillog (for being compliant with coming data retention policies). I've noticed that with login_trusted_networks pointing at my dovecot directors, we get rip=client-ip logged on the backends. How is the proxy providing this to the dovecot backends? Anybody know what magic we need to implement in our webmail-solution to be able to forward the webmail-client-ip and have it logged as rip= in dovecot?
a ID ("x-originating-ip" "1.2.3.4")
Other things you could send in the same command: x-originating-port, x-connected-ip, x-connected-port
And in case others are wondering, POP3 and LMTP use: XCLIENT ADDR=1.2.3.4 PORT=12345
> I believe it will be enough to have it logged as rip= on the directors, maybe not needed to be forwarded all the way to the backends (but that would be nice as well).
If backend has login_trusted_networks pointing to directors, then the IP gets forwarded to backends as well.
On 3.7.2013, at 23.50, Jan-Frode Myklebust <janfrode@tanso.net> wrote:
> On Wed, Jul 03, 2013 at 11:34:56PM +0300, Timo Sirainen wrote:
>> a ID ("x-originating-ip" "1.2.3.4")
> Perfect, thanks! Feature request for SOGo filed:
Oh and BTW the reason it was implemented with this kind of ID command was so that the client could detect the normal ID capability and based on that just send the IP address without any further figuring out if the backend supports it. The backends that didn't support it would simply ignore that parameter without any errors. So it should be easy for webmails to implement.
Timo Sirainen wrote on 2013-07-03 22:34:
> If backend has login_trusted_networks pointing to directors, then the IP gets forwarded to backends as well.
how does imap get ip from http?
-- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, don't do it
On Thu, Jul 04, 2013 at 08:51:47PM +0200, Benny Pedersen wrote:
> Timo Sirainen wrote on 2013-07-03 22:34:
>> If backend has login_trusted_networks pointing to directors, then the IP gets forwarded to backends as well.
> how does imap get ip from http?
The webmail-server will use the HTTP REMOTE_ADDR header in the IMAP ID when initiating the IMAP connection.
a ID ("x-originating-ip" "$REMOTE_ADDR")
-jf
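A webmail-side sketch of the exchange Timo and Jan-Frode describe above, as an added example that is not code from the thread, Dovecot or SOGo: it sends the ID only when the server advertises the ID capability and validates REMOTE_ADDR before placing it in the command. The function names and the sample greeting are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample greeting (not captured from a real server).
SAMPLE_GREETING = "* OK [CAPABILITY IMAP4rev1 SASL-IR ID ENABLE IDLE AUTH=PLAIN] ready."


def parse_capabilities(greeting):
    """Return the set of capabilities advertised in a greeting line."""
    match = re.search(r"\[CAPABILITY ([^\]]*)\]", greeting)
    return set(match.group(1).upper().split()) if match else set()


def quote(value):
    """Wrap a value as an IMAP quoted string, refusing unsafe characters."""
    if any(ch in value for ch in '\r\n\0"\\'):
        raise ValueError("unsafe character in IMAP string")
    return '"' + value + '"'


def imap_id_command(tag, capabilities, remote_addr, remote_port=None):
    """Build the ID line to send before LOGIN, or None if ID is not advertised.

    remote_addr is the address the web server saw for the browser
    (REMOTE_ADDR). It must parse as an IP literal, so a crafted value
    cannot smuggle extra IMAP commands into the session.
    """
    if "ID" not in capabilities:
        return None
    fields = ["x-originating-ip", str(ipaddress.ip_address(remote_addr))]
    if remote_port is not None:
        port = int(remote_port)
        if not 0 < port < 65536:
            raise ValueError("port out of range")
        fields += ["x-originating-port", str(port)]
    return f"{tag} ID (" + " ".join(quote(f) for f in fields) + ")\r\n"


if __name__ == "__main__":
    caps = parse_capabilities(SAMPLE_GREETING)
    print(imap_id_command("a", caps, "1.2.3.4", 51234), end="")
```

The forwarded address only shows up as rip= when the webmail host itself is covered by login_trusted_networks on the Dovecot side.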
Jan-Frode Myklebust wrote on 2013-07-12 12:51:
> The webmail-server will use the HTTP REMOTE_ADDR header in the IMAP ID when initiating the IMAP connection.
> a ID ("x-originating-ip" "$REMOTE_ADDR")
aha, will remember on roundcube setup to add this header, just a bit unsure how apache can tell dovecot about it if it's apache native?
Jan-Frode Myklebust wrote on 2013-07-03 22:29:
> I believe it will be enough to have it logged as rip= on the directors, maybe not needed to be forwarded all the way to the backends (but that would be nice as well).
it would be logging the webserver's ip, not the webmail client's ip, if that's not accepted, turn off webmail