How do we get Originating IP when using browser?
When connecting to Zimbra mail using any browser and composing an email, zimbra.log shows it as "connect from 127.0.0.1". Is it possible to track the IP address of the PC which was used to log into the Zimbra Server?
How do we get Originating IP when using browser?
You need to enable "x-originating-ip" in the Admin UI.
How do we get Originating IP when using browser?
Many thanks. It is enabled by default and we can get the originating IP by looking into the "internet headers" of the email. This is very important to track the originating location of particular emails. If we can get this detail in zimbra.log or any other audit.log, it will be better.
How do we get Originating IP when using browser?
Check https://wiki.zimbra.com/wiki/Log_Files# ... inating_IP
In mailbox.log, you will see the "oip" (Originating IP) for the real client IP:
2013-08-30 11:19:41,043 INFO [qtp2050551931-94:http://127.0.0.1:8080/service/soap/AuthRequest] [name=user1@example.com;oip=5.6.7.8;ua=zclient/8.0.4_GA_5737;] mbxmgr - Mailbox 3 account abcdef8f-1234-5678-9012-8abcdefe2658 LOADED
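An added example (not part of the original post) that pulls the `name`, `oip` and `ua` fields out of mailbox.log lines in the layout quoted above and lists the originating IPs seen per account, plus requests that carry no `oip` at all. The function names are hypothetical, and every sample line except the first is constructed; `oip` is taken from an HTTP header (X-Forwarded-For in the config output posted later in this thread), so it is only as trustworthy as the proxy that sets it.

```python
import re
from collections import defaultdict

# Sample input: the first line is the one quoted in the post, the rest are constructed.
SAMPLE_LOG = """\
2013-08-30 11:19:41,043 INFO [qtp2050551931-94:http://127.0.0.1:8080/service/soap/AuthRequest] [name=user1@example.com;oip=5.6.7.8;ua=zclient/8.0.4_GA_5737;] mbxmgr - Mailbox 3 account abcdef8f-1234-5678-9012-8abcdefe2658 LOADED
2013-08-30 11:25:02,117 INFO [qtp2050551931-97:http://127.0.0.1:8080/service/soap/SendMsgRequest] [name=user1@example.com;oip=192.0.2.44;ua=ZimbraWebClient - FF23 (Win);] smtp - Sending message
2013-08-30 11:26:10,500 INFO [qtp2050551931-98:http://127.0.0.1:8080/service/soap/NoOpRequest] [name=user2@example.com;ua=zclient/8.0.4_GA_5737;] soap - NoOpRequest
2013-08-30 11:27:00,000 WARN [Timer-1] [] misc - line without a request context
"""

# timestamp, level, [thread:url], [key=value;...] context, then the message
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<level>\w+)\s+"
    r"\[(?P<thread>[^\]]*)\] \[(?P<ctx>[^\]]*)\] (?P<msg>.*)$"
)

def parse_line(line):
    """Return a dict for one mailbox.log line, or None if the layout differs."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ctx = {}
    for pair in m.group("ctx").split(";"):
        key, sep, value = pair.partition("=")
        if sep:  # skip the empty piece after the trailing ';'
            ctx[key.strip()] = value.strip()
    thread = m.group("thread")
    request = thread.rsplit("/", 1)[-1] if "/" in thread else None
    return {"ts": m.group("ts"), "request": request, "account": ctx.get("name"),
            "oip": ctx.get("oip"), "ua": ctx.get("ua")}

def oips_by_account(text):
    """Map account -> set of originating IPs; also list requests with no oip."""
    seen, missing = defaultdict(set), []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["account"] is None:
            continue  # not a per-account request line
        if rec["oip"]:
            seen[rec["account"]].add(rec["oip"])
        else:
            # No oip logged: the request did not carry the originating-IP header
            missing.append((rec["ts"], rec["account"]))
    return dict(seen), missing

if __name__ == "__main__":
    by_account, no_oip = oips_by_account(SAMPLE_LOG)
    for account, ips in sorted(by_account.items()):
        print(account, sorted(ips))
    print("requests without oip:", no_oip)
```
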
How do we get Originating IP when using browser?
Please check a part of the log below. Even if we enable that config, we don't get "oip" in the logs.
[root@server1 ~]# su - zimbra -c "zmlocalconfig zimbra_http_originating_ip_header"
zimbra_http_originating_ip_header = X-Forwarded-For
Sep 11 10:41:06 example postfix/smtpd[2784]: connect from example.lk[xx.xx.xx.xx]
Sep 11 10:41:06 example postfix/smtpd[2784]: NOQUEUE: filter: RCPT from example.lk[xx.xx.xx.xx]: <julians@domain1.lk>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<julians@domain1.lk> to=<RohanJay@domain.lk> proto=ESMTP helo=<example.lk>
Sep 11 10:41:06 example postfix/smtpd[2784]: 608981F625F8: client=example.lk[xx.xx.xx.xx]
Sep 11 10:41:06 example postfix/cleanup[3842]: 608981F625F8: message-id=<110719604.7104043.1441948266176.JavaMail.zimbra@domain1.lk>
Sep 11 10:41:06 example postfix/smtpd[2784]: disconnect from example.lk[xx.xx.xx.xx]
Sep 11 10:41:06 example postfix/qmgr[8265]: 608981F625F8: from=<julians@domain.lk>, size=8308, nrcpt=1 (queue active)
Sep 11 10:41:06 example amavis[15886]: (15886-09) ESMTP:[127.0.0.1]:10026 /opt/zimbra/data/amavisd/tmp/amavis-20150911T103651-15886-ZuulvIno: <julians@domain.lk> -> <RohanJay@domain.lk> Received: from example.lk ([127.0.0.1]) by localhost (example.lk [127.0.0.1]) (amavisd-new, port 10026) with ESMTP for <RohanJay@domain.lk>; Fri, 11 Sep 2015 10:41:06 +0530 (IST)
Sep 11 10:41:06 example amavis[15886]: (15886-09) Checking: 2YUenpAy-XTb ORIGINATING/MYNETS [xx.xx.xx.xx] <julians@domain.lk> -> <RohanJay@domain.lk>
Sep 11 10:41:06 example postfix/dkimmilter/smtpd[14777]: connect from localhost[127.0.0.1]
Sep 11 10:41:06 example postfix/dkimmilter/smtpd[14777]: 77D8C1F62602: client=localhost[127.0.0.1]
Sep 11 10:41:06 example postfix/cleanup[3805]: 77D8C1F62602: message-id=<110719604.7104043.1441948266176.JavaMail.zimbra@domain1.lk>
Sep 11 10:41:06 example opendkim[7990]: 77D8C1F62602: no signing table match for 'julians@domain.lk'
Sep 11 10:41:06 example postfix/dkimmilter/smtpd[14777]: disconnect from localhost[127.0.0.1]
Sep 11 10:41:06 example postfix/qmgr[8265]: 77D8C1F62602: from=<julians@domain.lk>, size=8785, nrcpt=1 (queue active)
Sep 11 10:41:06 example amavis[15886]: (15886-09) 2YUenpAy-XTb FWD from <julians@domain.lk> -> <RohanJay@domain.lk>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 77D8C1F62602
Sep 11 10:41:06 example amavis[15886]: (15886-09) Passed CLEAN {RelayedOutbound}, ORIGINATING/MYNETS LOCAL [xx.xx.xx.xx]:60941 <julians@domain.lk> -> <RohanJay@domain.lk>, Queue-ID: 608981F625F8, Message-ID: <110719604.7104043.1441948266176.JavaMail.zimbra@domain1.lk>, mail_id: 2YUenpAy-XTb, Hits: -, size: 8308, queued_as: 77D8C1F62602, 141 ms
Sep 11 10:41:06 example amavis[12591]: (12591-11) ESMTP:[127.0.0.1]:10032 /opt/zimbra/data/amavisd/tmp/amavis-20150911T103240-12591-GwKjlmlh: <julians@domain.lk> -> <RohanJay@domain.lk> SIZE=8785 Received: from example.lk ([127.0.0.1]) by localhost (example.lk [127.0.0.1]) (amavisd-new, port 10032) with ESMTP for <RohanJay@domain.lk>; Fri, 11 Sep 2015 10:41:06 +0530 (IST)
Sep 11 10:41:06 example postfix/smtp[14779]: 608981F625F8: to=<RohanJay@domain.lk>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.15, delays=0.01/0/0/0.14, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 77D8C1F62602)
Sep 11 10:41:06 example postfix/qmgr[8265]: 608981F625F8: removed
How do we get Originating IP when using browser?
Dear Yasanthau,
We too have the same kind of requirement (need to get the Originating IP while logging in from an outside network). Is there any update on this issue?
Thanks in advance.