From 2c9a0e54d6d66249a2d17750a12cd95f9a6f268c Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Sat, 2 May 2020 00:05:06 +0200
Subject: [PATCH] lmtp: lmtp-client - Base client trust on the real remote IP.

LMTP uses real_remote_ip for checking the trust. This means:
 * LMTP proxy checks MTA's IP address
 * LMTP backend checks LMTP proxy's IP address
 * If haproxy is used in front of this LMTP server, the haproxy's IP address is
   checked. This may not be what is always wanted, but in LMTP backend it
   wouldn't be correct to check the original client IP (= MTA IP) either.
---
 src/lmtp/lmtp-client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lmtp/lmtp-client.c b/src/lmtp/lmtp-client.c
index a0f09c5c2e..3b3f0ec6d9 100644
--- a/src/lmtp/lmtp-client.c
+++ b/src/lmtp/lmtp-client.c
@@ -395,7 +395,7 @@ static bool client_connection_is_trusted(void *context)
 			break;
 		}
 
-		if (net_is_in_network(&client->remote_ip, &net_ip, bits))
+		if (net_is_in_network(&client->real_remote_ip, &net_ip, bits))
 			return TRUE;
 	}
 	return FALSE;
-- 
2.47.3