I just ran into this line in our log:

2011-03-07 17:40:37,115 INFO [btpool0-12000://localhost/service/soap/AuthRequest] [name=username@mydomain.com;oip=111.222.333.444;ua=zclient/6.0.5_GA_2213.LINUXOS;] security - cmd=Auth; account=username@mydomain.com; protocol=soap;

where oip is the public IP address of the Zimbra server itself.

The user is accessing his email in our LAN, and I believe oip should reflect an internal IP address, 192.168.xxx.xxx.

At what instance is this possible to happen?

Thank in advance for your feedback.