[Dovecot] Wrong remote IP (rip) in mail.log using IMAP login

tyli tyli at tylmann.ch
Fri Apr 15 11:57:15 EEST 2011

Dear list users

While trying to secure our Dovecot server with fail2ban I came across
the following problem:
We use Dovecot (1.2.9, Ubuntu package) behind a NAT, and failed login
attempts are logged with our firewall as the remote IP.

Apr 15 08:36:26 mail dovecot: imap-login: Disconnected (auth failed, 6 attempts): user=<xy>, method=PLAIN, rip=, lip=

Therefore I would ban which means that I ban EVERY user.

Funny thing is that POP3 login attempts are logged correctly:
Apr 13 11:05:50 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<sgvyniwx>, method=PLAIN, rip=, lip=

Any ideas how to change this?

Thanks in advance
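
An added example, not part of the original post and not code from Dovecot or fail2ban: a sketch of a ban decision over "auth failed" lines in the format quoted above that refuses to ban the server's own NAT/firewall address or an empty rip. The function name, the threshold, summing the per-connection attempt counts, and all addresses (documentation ranges, with 192.0.2.1 standing in for the firewall) are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the "auth failed" disconnect lines shown in the post (imap-login and pop3-login).
LINE_RE = re.compile(
    r"dovecot: (?P<svc>imap|pop3)-login: Disconnected \(auth failed, "
    r"(?P<attempts>\d+) attempts\): user=<(?P<user>[^>]*)>, "
    r"method=\S+, rip=(?P<rip>[^,\s]*), lip=(?P<lip>[^,\s]*)"
)

def ban_candidates(lines, never_ban, threshold=5):
    """Return (to_ban, skipped): sorted IPs at or over threshold, and why lines were ignored."""
    nets = [ipaddress.ip_network(n) for n in never_ban]
    failures, skipped = Counter(), []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            rip = ipaddress.ip_address(m["rip"])
        except ValueError:
            # Empty or malformed rip: nothing safe to ban, record it for review.
            skipped.append(("unparseable rip", m["rip"]))
            continue
        if any(rip in net for net in nets):
            # Source is our own NAT/firewall: banning it would lock out every user.
            skipped.append(("own infrastructure", str(rip)))
            continue
        # Assumption: add up the attempt count reported per disconnected connection.
        failures[str(rip)] += int(m["attempts"])
    to_ban = sorted(ip for ip, n in failures.items() if n >= threshold)
    return to_ban, skipped

# Constructed sample log lines (documentation-range addresses; not taken from the post).
SAMPLE = [
    "Apr 15 08:36:26 mail dovecot: imap-login: Disconnected (auth failed, 6 attempts): user=<xy>, method=PLAIN, rip=192.0.2.1, lip=192.0.2.10",
    "Apr 15 08:37:02 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<ab>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10",
    "Apr 15 08:38:11 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts): user=<cd>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10",
    "Apr 15 08:38:40 mail dovecot: imap-login: Disconnected (auth failed, 4 attempts): user=<cd>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10",
    "Apr 15 08:39:05 mail dovecot: imap-login: Disconnected (auth failed, 2 attempts): user=<ef>, method=PLAIN, rip=, lip=",
]

if __name__ == "__main__":
    print(ban_candidates(SAMPLE, never_ban=["192.0.2.1/32"]))
```

In fail2ban itself the same exclusion is configured with the jail option `ignoreip`.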
