<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 12 April 2019 at 22:01 Robert Kudyba via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
>
</div>
<blockquote type="cite">
<blockquote type="cite">
<div>
On 12 April 2019 21:45 Robert Kudyba via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>>
</div>
</blockquote>
<div>
wrote:
</div>
<div>
>
</div>
<div>
>
</div>
<blockquote type="cite">
<blockquote type="cite">
<div>
You are running some kind of proxy in front of it.
</div>
</blockquote>
</blockquote>
<blockquote type="cite">
<div>
No proxy. Just sendmail with users using emacs/Rmail or
</div>
</blockquote>
<div>
Webmail/Squirrelmail.
</div>
<div>
>
</div>
<blockquote type="cite">
<blockquote type="cite">
<div>
If you want it to show real client IP, you need to enable forwarding
</div>
</blockquote>
</blockquote>
<div>
of said data. With dovecot it's done by setting
</div>
<blockquote type="cite">
<blockquote type="cite"></blockquote>
<blockquote type="cite">
<div>
login_trusted_networks = your-upstream-host-or-net
</div>
</blockquote>
<blockquote type="cite">
<div>
in backend config file.
</div>
</blockquote>
</blockquote>
<blockquote type="cite">
<div>
OK I changed it and restarted wforce and dovecot. Still seeing this:
</div>
<div>
Apr 12 14:38:55 auth: Debug:
</div>
</blockquote>
<div>
policy(ouruser,127.0.0.1,<6GFTnVmGcMN/AAAB>): Policy server request JSON:
</div>
<div>
{"device_id":"","login":"
</div>
<div>
ouruser","protocol":"imap","pwhash":"43","remote":"127.0.0.1","success":false,"policy_reject":false,"tls":false}
</div>
<div>
>
</div>
<blockquote type="cite">
<blockquote type="cite">
<div>
For webmails, this requires both login_trusted_networks and also
</div>
</blockquote>
</blockquote>
<div>
support from the webmail software to forward client IP.
</div>
<div>
>
</div>
<blockquote type="cite">
<div>
I did get a reply from the Squirrelmail list:
</div>
<div>
"Well, I've had code sitting around for a while that implements RFC2971
</div>
</blockquote>
<div>
(ID command), so I just committed it. You can use it for this purpose by
</div>
<div>
putting something like this into your config/config_local.php
</div>
<blockquote type="cite">
<div>
$imap_id_command_args = array('remote-host' => '###REMOTE ADDRESS###');"
</div>
</blockquote>
<blockquote type="cite">
<div>
Which I also added previously. But that doesn't address emacs/RMail
</div>
</blockquote>
<div>
users.
</div>
<div>
>
</div>
<blockquote type="cite">
<div>
Could there be a setting in sendmail.mc/cf (
</div>
</blockquote>
<div>
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__sendmail.mc_cf&d=DwICaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=CsaMqvBelGXz-_ClT0RDzwqz0tH3cTGNItJktQeULLs&s=JnUd5ej3Twniz2q3fiWUrV_qOFlAwvFHquFjfgsoQJ0&e=" rel="noopener" target="_blank">https://urldefense.proofpoint.com/v2/url?u=http-3A__sendmail.mc_cf&d=DwICaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=CsaMqvBelGXz-_ClT0RDzwqz0tH3cTGNItJktQeULLs&s=JnUd5ej3Twniz2q3fiWUrV_qOFlAwvFHquFjfgsoQJ0&e=</a>)
</div>
<div>
file that I'm missing?
</div>
</blockquote>
<blockquote type="cite">
<div>
Can you verify following?
</div>
</blockquote>
<blockquote type="cite">
<div>
doveconf auth_policy_request_attributes
</div>
</blockquote>
<blockquote type="cite">
<div>
auth_policy_request_attributes = login=%{requested_username}
</div>
<div>
pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
</div>
</blockquote>
<blockquote type="cite">
<div>
On some versions remote is mistakenly %{real_rip} which expands into where
</div>
<div>
the connection came from instead of client IP.
</div>
</blockquote>
<blockquote type="cite">
<div>
If it's wrong just feel free to copypaste the setting above into dovecot
</div>
<div>
config.
</div>
</blockquote>
<div>
<br>
</div>
<div>
Verified. I believe you told me that on the other thread and I made that
</div>
<div>
change a while back.
</div>
</blockquote>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
Fot the webmail array you probably need https://wiki2.dovecot.org/Design/ParameterForwarding so you can configure it correctly.
</div>
<div>
<br>
</div>
<div>
No idea how to configure sendmail.
</div>
<div class="io-ox-signature">
---
<br>Aki Tuomi
</div>
</body>
</html>