diff --git a/core/nginx/conf/proxy.conf b/core/nginx/conf/proxy.conf
index 5a182ea8..e4ff6c93 100644
--- a/core/nginx/conf/proxy.conf
+++ b/core/nginx/conf/proxy.conf
@@ -1,6 +1,12 @@
 # Default proxy setup
 proxy_set_header Host $http_host;
 proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header True-Client-IP $remote_addr;
+proxy_set_header Forwarded "";
 proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
+{% if REAL_IP_HEADER and REAL_IP_FROM %}
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+{% else %}
+proxy_set_header X-Forwarded-For $remote_addr;
+{% endif %}
 proxy_http_version 1.1;
diff --git a/docs/configuration.rst b/docs/configuration.rst
index 7cf3c926..da53ff1e 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -173,6 +173,7 @@ The ``LETSENCRYPT_SHORTCHAIN`` (default: False) setting controls whether we send
 
 .. _`android handsets older than 7.1.1`: https://community.letsencrypt.org/t/production-chain-changes/150739
 
+The ``REAL_IP_HEADER`` (default: unset) and ``REAL_IP_FROM`` (default: unset) settings controls whether HTTP headers such as ``X-Forwarded-For`` or ``X-Real-IP`` should be trusted. The former should be the name of the HTTP header to extract the client IP address from and the later a comma separated list of IP addresses designing which proxies to trust. If you are using Mailu behind a reverse proxy, you should set both. Setting the former without the later introduces a security vulnerability allowing a potential attacker to spoof his source address.
 Antivirus settings
 ------------------
 
diff --git a/towncrier/newsfragments/1960.bugfix b/towncrier/newsfragments/1960.bugfix
new file mode 100644
index 00000000..ecf5ac50
--- /dev/null
+++ b/towncrier/newsfragments/1960.bugfix
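Review bot: In the proxy.conf hunk, `X-Real-IP $remote_addr` and the new `True-Client-IP $remote_addr` are emitted unconditionally while only `X-Forwarded-For` is gated on `REAL_IP_HEADER and REAL_IP_FROM`, and the template does not say why that asymmetry is safe, so a later edit that switches either line to a request-derived variable would silently reopen the spoofing this commit closes. I would add `# $remote_addr is the only trusted client address; the client-supplied X-Forwarded-For chain is relayed only when realip is configured (REAL_IP_HEADER and REAL_IP_FROM), see docs/configuration.rst` directly above the `{% if %}`. `proxy_set_header Forwarded "";` relies on nginx dropping a header whose value is empty rather than sending an empty Forwarded header, which is the intended effect but deserves a one-line comment such as `# empty value: nginx omits the header, so an upstream-supplied Forwarded is never relayed`. `X-Forwarded-Proto $proxy_x_forwarded_proto` is still passed in both branches; its definition is outside this diff, and if that variable is mapped from the client's own X-Forwarded-Proto header the same untrusted-input concern applies in the else branch, where it should be gated the same way or fall back to `$scheme`.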
@@ -0,0 +1 @@
+Ensure that we do not trust the source-ip address set in headers if REAL_IP_HEADER isn't set. If you are using Mailu behind a reverse proxy, please ensure that you do read the documentation.