Using RoundCube it is not showing correctly the remote ip into my server mail logs.
Here is mail log when I am connecting through RoundCube:
Jun 23 17:54:57 server dovecot: imap-login: Login: user=<user.one-mydomain.com>, method=PLAIN, rip=::1, lip=::1, mpid=4645, secured, session=<RwrUPPM17gAAAAAAAAAAAAAAAAAAAAAB>
Here is mail log when I am connecting through Microsoft Outlook:
Jun 23 12:43:18 server dovecot: pop3-login: Login: user=<user.one-mydomain.com>, method=PLAIN, rip=198.423.11.235, lip=123.174.21.14, mpid=28700, session=<wgZN4u41MQC8G7Lr>
As you can see using RoundCube is like being on the server, rip and lip has the same value ::1. Is it a way to record correctly the rip address instead of locahost ::1 into mail logs? In this way being able to determine if it is a normal user behavior or an attempt to break it? Even I can use Fail2Ban, I would like to have a prove from where IP address did someone connected.
Thank you.
Using RoundCube it is not showing correctly the remote ip into my server mail logs.
Here is mail log when I am connecting through RoundCube:
Here is mail log when I am connecting through Microsoft Outlook:
As you can see using RoundCube is like being on the server, rip and lip has the same value ::1. Is it a way to record correctly the rip address instead of locahost ::1 into mail logs? In this way being able to determine if it is a normal user behavior or an attempt to break it? Even I can use Fail2Ban, I would like to have a prove from where IP address did someone connected.
Thank you.