[Dovecot] Wrong remote IP (rip) in mail.log using IMAP login

Professa Dementia professa at dementianati.com
Fri Aug 2 07:01:07 EEST 2013


On 8/1/2013 8:41 PM, pvsuja wrote:
> 
> Hi,
> 
> I am also facing the same problem. When dovecot is accessed through a web
> mail, the rip is logged as 127.0.0.1 (localhost).
> 
> /Aug  1 16:28:04 mailspace dovecot: imap-login: Aborted login (auth failed,
> 1 attempts in 2 secs): user=<suja>, method=PLAIN, rip=127.0.0.1,
> lip=127.0.0.1, TLS, session=<XllGt+DiPQB/AAAB>/
> 
> So I am also unable to configure fail2ban with dovecot.
> Is there a way we can log the actual remote IP?

Dovecot has no way of determining the remote IP when a proxy is the
system making the connection, which is what is happening.  Your webmail
is the proxy in this case.

Have fail2ban scan your web server logs, not the mail logs.

Dem
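
An added example (not part of the original thread, and not Dovecot or fail2ban code): a triage of imap-login failures in the line format quoted above. It shows that failures relayed by a local webmail all collapse onto the loopback address and cannot be attributed to a client, while direct connections still can. The sample log, addresses, user names, the helper names and the threshold of 3 are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Failure format taken from the imap-login line quoted in the thread.
FAILED = re.compile(
    r"dovecot: imap-login: .*\(auth failed.*?\): "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)"
)

# Constructed sample log (documentation-range addresses, made-up users).
_LINE = ("Aug  1 16:28:04 mailspace dovecot: imap-login: {what}: user=<{user}>, "
         "method=PLAIN, rip={rip}, lip={lip}, TLS, session=<constructed>")
_FAIL = "Aborted login (auth failed, 1 attempts in 2 secs)"
SAMPLE_LOG = "\n".join(
    [_LINE.format(what=_FAIL, user="suja", rip="127.0.0.1", lip="127.0.0.1")] * 4
    + [_LINE.format(what=_FAIL, user="admin", rip="203.0.113.7", lip="192.0.2.10")] * 3
    + [_LINE.format(what=_FAIL, user="bob", rip="198.51.100.9", lip="192.0.2.10")]
    + [_LINE.format(what="Login", user="suja", rip="127.0.0.1", lip="127.0.0.1")]
)


def failed_logins(log_text):
    """Yield (user, ip_address) for each failed imap-login line."""
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines
        try:
            yield m["user"], ipaddress.ip_address(m["rip"])
        except ValueError:
            continue  # malformed rip field


def triage(log_text, threshold=3):
    """Return (client IPs at or over threshold, count of loopback failures)."""
    per_ip = Counter()
    proxied = 0
    for _user, ip in failed_logins(log_text):
        if ip.is_loopback:
            proxied += 1  # relayed by the local webmail; real client unknown
        else:
            per_ip[str(ip)] += 1
    return sorted(ip for ip, n in per_ip.items() if n >= threshold), proxied


if __name__ == "__main__":
    bannable, proxied = triage(SAMPLE_LOG)
    print("attributable offenders:", bannable)
    print("failures hidden behind the webmail:", proxied)
```

A non-zero loopback count is the signal that the offending clients have to be identified from the web server's logs, as the reply says.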


