zimbra logs behind reverse proxy

Zimbra is a beast; so when something goes awry, it can be a real pain fixing it. So, in this case we had a reverse proxy (11.12.13.14) serving tens of sites, serving among them a zimbra installation on mail.xxxx.yyy. The zimbra installation had of course a different host name, zimbra.xxxx.yyy and two IP addresses (21.22.23.24 & 31.32.33.34). In the /opt/zimbra/log/audit.log they wanted to see not the reverse proxy server’s IP address, but the connecting client’s IP address. There is a very nice guide on how to accomplish this in the zimbra documentation, but after following it to the t, we still were seeing all the connections and logins coming from 21.22.23.24. Not happy. What the guide fails to say, is this:

You need to add all the aforementioned IP address to the specific server’s zimbraMailTrustedIP

.
That is, for each server zmprov gas returns, you need to explicitly add the IP address listed in the audit.log (21.22.23.24 in this case) as a zimbraMailTrustedIP like this:
$ zmprov gas
zimbra.xxxx.yyy
$ zmprov ms zimbra.xxxx.yyy +zimbraMailTrustedIP 21.22.23.24

And then restart mailboxd with zmmailboxdctl restart. And then and only then will you see the real IP of the clients listed in audit.log, mailbox.log, etc.