auth: dovecot: pass remote IP (rip=) to auth server

If known, let the auth server know where the client came from, using REMOTE_ADDR or, optionally/configurably, the X-Remote-Addr header value (which is needed when running behind a trusted proxy.) Addresses #1859.
2025-09-30 21:12:05 +00:00 · 2025-08-30 21:59:22 +02:00 · 2025-08-30 21:59:22 +02:00 · b5a1ea911d
commit b5a1ea911d
parent 1bac038f5a
8 changed files with 136 additions and 15 deletions
--- a/DOCUMENTATION.md
+++ b/DOCUMENTATION.md
@ -1187,6 +1187,26 @@ Port of via network exposed dovecot socket

 Default: `12345`

+##### dovecot_rip_x_remote_addr
+
+_(>= 3.5.6)_
+
+Use the `X-Remote-Addr` value for the remote IP (rip) parameter in the
+dovecot authentication protocol.
+
+If set, Radicale must be running behind a proxy that you control and
+that sets/overwrites the `X-Remote-Addr` header (doesn't pass it) so
+that the value passed to dovecot is reliable. For example, for nginx,
+add
+
+```
+    proxy_set_header  X-Remote-Addr $remote_addr;
+```
+
+to the configuration sample.
+
+Default: `False`
+
 ##### imap_host

 _(>= 3.4.1)_