<div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">> On 12 April 2019 21:45 Robert Kudyba via dovecot <<a href="mailto:dovecot@dovecot.org" target="_blank">dovecot@dovecot.org</a>> wrote:<br>
> <br>
> <br>
> > You are running some kind of proxy in front of it.<br>
> <br>
> No proxy. Just sendmail with users using emacs/Rmail or Webmail/Squirrelmail.<br>
> <br>
> > If you want it to show real client IP, you need to enable forwarding of said data. With dovecot it's done by setting<br>
> >  <br>
> >  login_trusted_networks = your-upstream-host-or-net<br>
> >  <br>
> >  in backend config file.<br>
> <br>
> OK I changed it and restarted wforce and dovecot. Still seeing this:<br>
> Apr 12 14:38:55 auth: Debug: policy(ouruser,127.0.0.1,<6GFTnVmGcMN/AAAB>): Policy server request JSON: {"device_id":"","login":" ouruser","protocol":"imap","pwhash":"43","remote":"127.0.0.1","success":false,"policy_reject":false,"tls":false}<br>
> <br>
> > For webmails, this requires both login_trusted_networks and also support from the webmail software to forward client IP.<br>
> <br>
> I did get a reply from the Squirrelmail list:<br>
> "Well, I've had code sitting around for a while that implements RFC2971 (ID command), so I just committed it. You can use it for this purpose by putting something like this into your config/config_local.php<br>
> $imap_id_command_args = array('remote-host' => '###REMOTE ADDRESS###');"<br>
> <br>
> Which I also added previously. But that doesn't address emacs/RMail users.<br>
> <br>
> Could there be a setting in <a href="http://sendmail.mc/cf" rel="noreferrer" target="_blank">sendmail.mc/cf</a> (<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__sendmail.mc_cf&d=DwICaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=CsaMqvBelGXz-_ClT0RDzwqz0tH3cTGNItJktQeULLs&s=JnUd5ej3Twniz2q3fiWUrV_qOFlAwvFHquFjfgsoQJ0&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=http-3A__sendmail.mc_cf&d=DwICaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=CsaMqvBelGXz-_ClT0RDzwqz0tH3cTGNItJktQeULLs&s=JnUd5ej3Twniz2q3fiWUrV_qOFlAwvFHquFjfgsoQJ0&e=</a>) file that I'm missing?<br><br>
Can you verify following?<br>
<br>
doveconf auth_policy_request_attributes<br>
<br>
auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s<br>
<br>
On some versions remote is mistakenly %{real_rip} which expands into where the connection came from instead of client IP.<br>
<br>
If it's wrong just feel free to copypaste the setting above into dovecot config.<br></blockquote><div><br></div><div>Verified. I believe you told me that on the other thread and I made that change a while back. </div></div></div>