How do we get Originating IP when using browser?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
yasanthau
Advanced member
Advanced member
Posts: 57
Joined: Sat Sep 13, 2014 12:52 am

How do we get Originating IP when using browser?

Postby yasanthau » Mon Oct 05, 2015 11:53 am

When connecting to Zimbra mail using any of the browser and compose an email, the zimbra.log show it as "connect from 127.0.0.1". Is it possible to track the ip address of the PC which was used to log into the Zimbra Server?



phoenix
Ambassador
Ambassador
Posts: 26526
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

How do we get Originating IP when using browser?

Postby phoenix » Mon Oct 05, 2015 1:01 pm

You need to enable "x-originating-ip" in the Admin UI.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
yasanthau
Advanced member
Advanced member
Posts: 57
Joined: Sat Sep 13, 2014 12:52 am

How do we get Originating IP when using browser?

Postby yasanthau » Wed Oct 07, 2015 1:59 am

Many Thanks. It is enabled by default and we can get the originating ip by looking into "internet headers" of the email. This is very important to track originating location of particular emails. If we can get this detail on the zimbra.log or any other audit.log, it will be better.
Raunaq
Zimbra Employee
Zimbra Employee
Posts: 39
Joined: Fri Sep 12, 2014 11:22 pm

How do we get Originating IP when using browser?

Postby Raunaq » Wed Oct 07, 2015 10:37 am

Check https://wiki.zimbra.com/wiki/Log_Files#Logging_the_Originating_IP





In mailbox.log, you will see the "oip" (Originating IP) for the real client IP:



2013-08-30 11:19:41,043 INFO [qtp2050551931-94:http://127.0.0.1:8080/service/soap/AuthRequest] [name=user1@example.com;oip=5.6.7.8;ua=zclient/8.0.4_GA_5737;] mbxmgr - Mailbox 3 account abcdef8f-1234-5678-9012-8abcdefe2658 LOADED
yasanthau
Advanced member
Advanced member
Posts: 57
Joined: Sat Sep 13, 2014 12:52 am

How do we get Originating IP when using browser?

Postby yasanthau » Thu Oct 08, 2015 3:29 am

Please check a part of the log below. Even if we enable that config, we dont get "oip" in logs


[root@server1 ~]# su - zimbra -c "zmlocalconfig zimbra_http_originating_ip_header"
zimbra_http_originating_ip_header = X-Forwarded-For


Sep 11 10:41:06 example postfix/smtpd[2784]: connect from example.lk[xx.xx.xx.xx]
Sep 11 10:41:06 example postfix/smtpd[2784]: NOQUEUE: filter: RCPT from example.lk[xx.xx.xx.xx]: <julians@domain1.lk>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<julians@domain1.lk> to=<RohanJay@domain.lk> proto=ESMTP helo=<example.lk>
Sep 11 10:41:06 example postfix/smtpd[2784]: 608981F625F8: client=example.lk[xx.xx.xx.xx]
Sep 11 10:41:06 example postfix/cleanup[3842]: 608981F625F8: message-id=<110719604.7104043.1441948266176.JavaMail.zimbra@domain1.lk>
Sep 11 10:41:06 example postfix/smtpd[2784]: disconnect from example.lk[xx.xx.xx.xx]
Sep 11 10:41:06 example postfix/qmgr[8265]: 608981F625F8: from=<julians@domain.lk>, size=8308, nrcpt=1 (queue active)
Sep 11 10:41:06 example amavis[15886]: (15886-09) ESMTP:[127.0.0.1]:10026 /opt/zimbra/data/amavisd/tmp/amavis-20150911T103651-15886-ZuulvIno: <julians@domain.lk> -> <RohanJay@domain.lk> Received: from example.lk ([127.0.0.1]) by localhost (example.lk [127.0.0.1]) (amavisd-new, port 10026) with ESMTP for <RohanJay@domain.lk>; Fri, 11 Sep 2015 10:41:06 +0530 (IST)
Sep 11 10:41:06 example amavis[15886]: (15886-09) Checking: 2YUenpAy-XTb ORIGINATING/MYNETS [xx.xx.xx.xx] <julians@domain.lk> -> <RohanJay@domain.lk>
Sep 11 10:41:06 example postfix/dkimmilter/smtpd[14777]: connect from localhost[127.0.0.1]
Sep 11 10:41:06 example postfix/dkimmilter/smtpd[14777]: 77D8C1F62602: client=localhost[127.0.0.1]
Sep 11 10:41:06 example postfix/cleanup[3805]: 77D8C1F62602: message-id=<110719604.7104043.1441948266176.JavaMail.zimbra@domain1.lk>
Sep 11 10:41:06 example opendkim[7990]: 77D8C1F62602: no signing table match for 'julians@domain.lk'
Sep 11 10:41:06 example postfix/dkimmilter/smtpd[14777]: disconnect from localhost[127.0.0.1]
Sep 11 10:41:06 example postfix/qmgr[8265]: 77D8C1F62602: from=<julians@domain.lk>, size=8785, nrcpt=1 (queue active)
Sep 11 10:41:06 example amavis[15886]: (15886-09) 2YUenpAy-XTb FWD from <julians@domain.lk> -> <RohanJay@domain.lk>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 77D8C1F62602
Sep 11 10:41:06 example amavis[15886]: (15886-09) Passed CLEAN {RelayedOutbound}, ORIGINATING/MYNETS LOCAL [xx.xx.xx.xx]:60941 <julians@domain.lk> -> <RohanJay@domain.lk>, Queue-ID: 608981F625F8, Message-ID: <110719604.7104043.1441948266176.JavaMail.zimbra@domain1.lk>, mail_id: 2YUenpAy-XTb, Hits: -, size: 8308, queued_as: 77D8C1F62602, 141 ms
Sep 11 10:41:06 example amavis[12591]: (12591-11) ESMTP:[127.0.0.1]:10032 /opt/zimbra/data/amavisd/tmp/amavis-20150911T103240-12591-GwKjlmlh: <julians@domain.lk> -> <RohanJay@domain.lk> SIZE=8785 Received: from example.lk ([127.0.0.1]) by localhost (example.lk [127.0.0.1]) (amavisd-new, port 10032) with ESMTP for <RohanJay@domain.lk>; Fri, 11 Sep 2015 10:41:06 +0530 (IST)
Sep 11 10:41:06 example postfix/smtp[14779]: 608981F625F8: to=<RohanJay@domain.lk>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.15, delays=0.01/0/0/0.14, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 77D8C1F62602)
Sep 11 10:41:06 example postfix/qmgr[8265]: 608981F625F8: removed


Arunmani Murugan
Posts: 11
Joined: Fri Jun 26, 2015 9:10 am

How do we get Originating IP when using browser?

Postby Arunmani Murugan » Tue Nov 24, 2015 11:23 pm

Dear Yasanthau,



We too have same kind of requirement.. (Need to get Originating IP while login from outside network) Is there any update on this issue.



Thanks in Advance..

Return to “Administrators”

Who is online

Users browsing this forum: Google [Bot] and 8 guests