OK!
Give me half an hour, please.
the night if you need
I'm at my Linux user group, it is my social day
Not needed!
So:
- The IP (10.0.0.33) of the email server, from DMZ. Connected to SOGo Web GUI through VPN.
2.a. FQDN of the email server. Connected to SOGo Web GUI from WAN.
2.b. The IP of the email server. Connected to SOGo Web GUI from WAN.
The conclusion:
On NS 6.8 final with SOGo 2.3.10, the IPs in log were the IPs of the client.
On NS 7.3 final with SOGo 3.2.7, the IPs in log were the IPs of the server.
With tailf /var/log/httpd/ssl_access_log I can confirm that the right IPs are displayed. So how can we make SOGo do it the same way?
Hi @hucky, I was looking for your answer. We have something strange with the combination of SOGo and NS7. I don't know yet whether the culprit is SOGo or something tricky in the firewall/gateway.
Can you try to get yourself banned from outside your LAN with the ssh jail and take a look at /var/log/messages to see if the right IP is written in the log?
As a workaround we can use the ssl_access_log to create a custom sogo jail if needed.
I played a bit with mod_remoteip today but it still does not work. Also, I am not sure in general which IPs are displayed in the logs of NS7, because other logs also do not display the remote IP address, from my point of view now.
From outside it is not possible for me, because I only have access to ssh from the internal network.
open it just for a test purpose
We have the same behaviour with the SOGo nightly build, therefore our community build is not the cause.
The IP 84.46.37.244 has just been banned by Fail2Ban after
3 attempts against sshd.
yep, worked
with fail2ban, you can open your port to external for ssh. If you are paranoid, then forbid the root access, change the port, and the attacker will try the next server.
therefore the problem is sogo related …
^^ have a different port etc.
@giacomo @davidep I tested different things with sogo
ns6 and sogo2 (nethforge) -> good incoming IP in /var/log/sogo/sogo.log
ns6 and sogo3 (nightly) -> good incoming IP in /var/log/sogo/sogo.log
ns7 and sogo2 -> bad incoming IP in /var/log/sogo/sogo.log
ns7 and sogo3 -> bad incoming IP in /var/log/sogo/sogo.log
ns7 and sogo2 (nightly) -> bad incoming IP in /var/log/sogo/sogo.log
ns7 and sogo3 (nightly) -> bad incoming IP in /var/log/sogo/sogo.log
I guess something NS7 specific in apache with the reverse proxy, or maybe in the shorewall/gateway side (but the fail2ban ssh jail is good so it should not come).
If you have some clues, I will be interested
I think you're on the right track!
got it @hucky can you test
in /etc/httpd/conf.d/SOGo.conf
line 41
- RequestHeader set âx-webobjects-remote-hostâ %{REQUEST_HOST}e
+ # RequestHeader set âx-webobjects-remote-hostâ %{REQUEST_HOST}e
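Review bot: The commented-out RequestHeader line at line 41 carries no note on why it was disabled, and with it gone the proxy no longer sets x-webobjects-remote-host at all, so a value a client sends under that header name would be passed on to SOGo unchanged. Suggest replacing the line instead of commenting it out, for example with an explicit `RequestHeader unset x-webobjects-remote-host`, and adding a one-line comment that %{REQUEST_HOST}e caused the server's own address to be logged in /var/log/sogo/sogo.log.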
then
systemctl restart httpd
yep, it worked
The IP 84.46.37.244 has just been banned by Fail2Ban after
3 attempts against sogo-auth.
I have a better fix, it is coming by a rpm
@huky @GG_jr
yum install nethserver-sogo --enablerepo=nethforge-testing
if it is good we will release it
I guess there is something wrong, I got a lot of # and not a status that it has updated
Okay, now I got it updated
Okay, everything seems to work right now, great job Stephdl!!!