Hi,
while testing dovecot-spam, I found out that in my setup, IPv6 addresses from which failed login attempts originate do get blocked, but IPv4 addresses don’t.
I have HAProxy set up as a reverse proxy. HAProxy forwards IMAP ports to Dovecot via ProxyProtocol, so that the original IP address is transmitted to Dovecot (and not the IP address of the server proxy is running on). I don’t know if this is related to the behavior.
When an login attempt from an IPv4 address fails, Dovecot logs the following message:
Jan 13 14:53:45 imap-login: Info: Disconnected (auth failed, 2 attempts in 4 secs): user=xxx@xxx.xx, method=PLAIN, rip=::ffff:xxx.xxx.xxx.xxx, lip=::ffff:xxx.xxx.xxx.xxx, TLS, session=
Via cscli explain
, I found out that the parser wrongly detects the IP address
create evt.Meta.source_ip : ::ffff:xxx.xxx.xxx.xxx
which then subsequently gets banned, with no effect, presumably because ::ffff:xxx.xxx.xxx.xxx
isn’t a valid IPv4 address.
Has anybody observed a similar behavior? Is my interpretation correct? Any ideas how to adapt the parser to catch this behavior?
Thank you