[Dovecot] Wrong remote IP (rip) in mail.log using IMAP login
tyli
tyli at tylmann.ch
Fri Apr 15 11:57:15 EEST 2011
Dear list users
While trying to secure our dovecot server with fail2ban I came across
the following problem:
We use dovecot (1.2.9, ubuntu package) behind a NAT, and failed login
attempts are logged with our firewall as the remote ip.
Example:
Apr 15 08:36:26 mail dovecot: imap-login: Disconnected (auth failed, 6
attempts): user=<xy>, method=PLAIN, rip=192.168.0.1, lip=192.168.0.3
Therefore I would ban 192.168.0.1 which means that I ban EVERY user.
Funny thing is that POP3 login attempts are logged correctly:
Apr 13 11:05:50 mail dovecot: pop3-login: Disconnected (auth failed, 1
attempts): user=<sgvyniwx>, method=PLAIN, rip=217.81.27.55, lip=192.168.0.3
Any ideas how to change this?
Thanks in advance
tyli
More information about the dovecot
mailing list