Question about login_log_format_elements in a proxy environment

[Adi Pircalabu]

On 08-12-2020 3:13, John Fawcett wrote:
> On 07/12/2020 06:02, Adi Pircalabu wrote:
>> Hi,
>> 
>> I have a Dovecot proxy setup with several proxy machines (currently
>> running 2.3.11.3) in front of the real Dovecot servers (2.3.10.1)
>> storing the mailboxes. "doveconf -a | egrep lip" returns:
>> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
>> %c session=<%{session}>
>> 
>> In the real server maillog I'm expecting to have "lip" replaced with
>> the IP address of the proxy. It works as expected for imap-login
>> processes, however for pop3-login processes I still see the real
>> server IP instead of the proxy IP. Ideas?
>> 
>> Regards,
>> 
> Hi Adi
> 
> in general people want to get the original ip not the proxied ip. The
> proxying of the original ip is done by a different method for imap and 
> pop3
> 
> https://wiki.dovecot.org/Design/ParameterForwarding
> 
> However, unless I'm reading this wrongly, both methods are affected by
> trusted_networks settings. I guess for people to help further, you'd
> need to give more info your configuration settings.

Thanks John. login_trusted_networks, if this is the setting you're 
referring to, lists the proxy IPs. I'd have thought, by having this 
setting on the real servers, the proxy IP will be logged by both IMAP 
and POP3 login processes, but it appears it isn't the case. It works for 
IMAP, not for POP3.
The reason I need the proxy IP in the "lip" instead of the local IP in 
the real server mail log is that I need to filter certain connections, 
both IMAP and POP3, that are coming directly into the real server IP. By 
capturing the IMAP & POP3 traffic on the real servers and matching the 
results to the mail log entries I *should* be able to tell what mail 
accounts from which remote IP addresses are coming in via the proxies 
and which ones are coming into the real servers directly. Hope that 
makes sense.
Cheers,

-- 
Adi Pircalabu