lmtp: lmtp-client - Base client trust on the real remote IP.
authorStephan Bosch <stephan.bosch@open-xchange.com>
Fri, 1 May 2020 22:05:06 +0000 (00:05 +0200)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Wed, 27 May 2020 05:32:15 +0000 (05:32 +0000)
LMTP uses real_remote_ip for checking the trust. This means:
 * LMTP proxy checks MTA's IP address
 * LMTP backend checks LMTP proxy's IP address
 * If haproxy is used in front of this LMTP server, the haproxy's IP address is
   checked. This may not always be what is wanted, but in the LMTP backend it
   wouldn't be correct to check the original client IP (= MTA IP) either.

src/lmtp/lmtp-client.c

index a0f09c5c2eac092b7173523af50f73826e777242..3b3f0ec6d9ef54e6eb776af0b7c691118ef72f4a 100644 (file)
@@ -395,7 +395,7 @@ static bool client_connection_is_trusted(void *context)
                        break;
                }
 
-               if (net_is_in_network(&client->remote_ip, &net_ip, bits))
+               if (net_is_in_network(&client->real_remote_ip, &net_ip, bits))
                        return TRUE;
        }
        return FALSE;
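Review bot: The `net_is_in_network(&client->real_remote_ip, &net_ip, bits)` check has no comment saying why the real peer address is used rather than `remote_ip`; that reasoning exists only in the commit message, so a later cleanup could switch it back unnoticed. I would add above the check: `/* Trust is decided on the real TCP peer, not on the (possibly forwarded) original client address in remote_ip. */`. The consequence the commit message describes also belongs in the documentation of the trusted-networks setting: when haproxy or an LMTP proxy sits in front of this server, every connection it relays is checked against the proxy's own address, so listing that address as trusted extends trust to all clients behind it. client_connection_is_trusted() starts above the hunk, so where the network list comes from and what the `break` in the context lines guards cannot be seen here.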