It’s a bad title, but I’m trying to figure out how to describe what I want.

First, I got my photoprism working through cloudflare. Now, on the same domain I would like an email address.

So mysite.com gets routed to 56.654.234.12, let’s say, by cloudflare, such that a global user never sees my IP. But mail.mysite.com is different: they don’t proxy email, so if you do a reverse lookup you can find the origin IP.

I heard about tunnels so I stupidly signed up for that, only to learn that a tunnel just lets you into an internal network. So an SMTP server can’t get emails from outside that way.

Ideally, somehow I could set up one user at Gmail or Proton Mail, then somehow set up the same or a different user, user1@mysite.com, and I could then use mailu, mailcow, or a mail Docker image to house my user1@mysite.com, which routes mail through Gmail or Proton Mail. I know all this makes little sense because I don’t know the proper way, so that’s my question for you smart people who have done this twice over. Could someone point me to the best way of setting up a local mail server that routes through cloudflare but is not easily reverse-looked-up? Is that even a problem at all?

  • just_another_person@lemmy.world
    6 months ago

    Mail hosting is not that simple anymore. Your understanding of how it works is missing an entire world of complex issues that you need to solve outside of just hosting a mail server with an open SMTP port.

    The biggest certainty is that just having an open port for an SMTP server dangling out there means you will 100% be attacked. Not just sometimes, non-stop. So you don’t want to host on a machine with anything else on it, cuz security. So you need a dedicated host for that portion, and a very capable and restrictive intrusion detection system (let’s say crowdsec), which is going to take some amount of resources to run, and stop your machine from toppling over.

    Next, you need all your secondary record systems (SPF, DKIM, DMARC) pointing at a defined and unchanging record for your SMTP server, so you’ll need a static IP. If you don’t have that already, you’re kind of SOL.

    Next, you’ll need to be running your own peer authentication system, then a spam filtering system (of which none of them work well without massive amounts of sample data, but you can use public lists to help block known bad actors), decent file threat scanning…you see where I’m going with this. It all takes a fair amount of resources, and even more if/when you get bad actors spamming the machine all the time.

    Finally, you’ll probably want this machine completely segmented from the rest of your network, which isn’t really complicated, just costs a bit more money.

    There’s a reason why mail hosts and forwarding services cost money, and still exist. It takes a large amount of effort to be somewhat secure, or at least to the best of your efforts. With the added costs associated with hosting your own mail servers, most people just avoid the hell out of it. I certainly wouldn’t recommend it.

    • farcaller@fstab.sh
      6 months ago

      The biggest certainty is that just having an open port for an SMTP server dangling out there means you will 100% be attacked. Not just sometimes, non-stop. So you don’t want to host on a machine with anything else on it, cuz security. So you need a dedicated host for that portion, and a very capable and restrictive intrusion detection system (let’s say crowdsec), which is going to take some amount of resources to run, and stop your machine from toppling over.

      I need to call BS on this. No one cares. I’ve been running a small go-smtp based server that does some processing on forwarded mail for 2 years now and I don’t see much in the way of “attacks”. Yeah, sometimes I get passers-by trying to figure out if this is a mail relay, which it’s not.

      You absolutely don’t need a dedicated machine and an IDS. And you definitely need crowdsec.

      Yeah, sending mail is somewhat hard lately, but DKIM and DMARC can be figured out. Receiving mail is just straightforward.

      • just_another_person@lemmy.world
        6 months ago

        As is your wont to do. I’ve run thousands of different combinations and types of SMTP-related services at all stages of processing, and I’ve seen the above 100% of the time.

        You are talking about receiving mail from another forwarded entity. It’s not the same thing. You’re also proving my point, because you’re already getting your intake handled upstream, so there you go. What I said is accurate. 👍

  • Ferawyn@lemmy.world
    6 months ago

    Have a look at https://forwardemail.net/. It’s a service that handles accepting (and optionally sending) email on your domain, and forwarding any received mail to other backend services, like a Gmail account. All you need to do is set some DNS records, like MX, and their servers will handle everything. It works fine with domains hosted on cloudflare, and has excellent how-tos to get everything set up and running.

    Edit: The great thing about this service, imho, is their guides. They don’t just have a static howto, they template in your information into the exact string you need to copy/paste into the service provider’s web interface. Want to encrypt your plaintext TXT records? There’s a button for that on the guide. Want to learn how to get around a port 25 ISP block, they have a guide for that. Want to set up proper Send-As from Gmail using their SMTP server? There’s a guide for that. :-)

    • Meimax@lemmy.world
      6 months ago

      You can just route your outgoing emails through a relay server. I’ve hosted my own mail server with outgoing traffic going through AWS Simple Email Service for over a year now without any problems. You give some data to Amazon, but only outgoing mails, and it is pretty cheap, like 10 cents per month.
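Two points in this thread are worth seeing in code: just_another_person's remark that SPF/DKIM/DMARC must point at a fixed address, and the forwardemail/SES replies that delegate receiving or sending to a relay. The script below is an added example, not code from any poster, and runs entirely offline against constructed DNS answers: mysite.com is the placeholder domain from the question, the addresses are RFC 5737/3849 documentation ranges, and relay.example stands in for an outbound relay such as SES or a forwarding service. It implements the SPF evaluation a receiving MTA performs (RFC 7208 mechanisms all/ip4/ip6/a/mx/include and the redirect modifier), parses the DMARC policy record, and lists which of your own addresses those records make public. DKIM is left out because verifying it needs signed messages and keys, not DNS alone.

```python
"""Offline SPF evaluation and DMARC parsing over constructed DNS records (added example)."""
import ipaddress

# Constructed DNS answers keyed by (name, type). These are not real lookups;
# every name and address here is an assumption made for the example.
FAKE_DNS = {
    ("mysite.com", "MX"): ["mail.mysite.com"],
    ("mail.mysite.com", "A"): ["203.0.113.10"],
    ("mysite.com", "TXT"): ["v=spf1 mx include:relay.example -all"],
    ("relay.example", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],
    ("_dmarc.mysite.com", "TXT"): ["v=DMARC1; p=quarantine; rua=mailto:dmarc@mysite.com"],
    # Two SPF records on one name is a permerror under RFC 7208 section 4.5.
    ("broken.example", "TXT"): ["v=spf1 -all", "v=spf1 +all"],
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    return FAKE_DNS.get((name.lower(), rtype), [])


def spf_records(domain):
    return [r for r in lookup(domain, "TXT") if r.lower().split(" ")[0] == "v=spf1"]


def check_spf(ip, domain, depth=0):
    """SPF result for a connection from `ip` whose MAIL FROM is @domain.

    Handles all, ip4, ip6, a, mx, include and redirect=. Mechanisms this
    example does not implement (ptr, exists, CIDR suffixes on a/mx) and
    malformed ip4/ip6 arguments yield permerror instead of being ignored.
    """
    if depth > 10:  # RFC 7208 limits include/redirect recursion
        return "permerror"
    records = spf_records(domain)
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in records[0].split()[1:]:
        if "=" in term:  # modifier such as redirect= or exp=
            name, _, value = term.partition("=")
            if name.lower() == "redirect":
                redirect = value
            continue
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        try:
            if mech == "all":
                matched = True
            elif mech in ("ip4", "ip6"):
                # An IPv4 address is never inside an IPv6 network and vice versa.
                matched = addr in ipaddress.ip_network(arg, strict=False)
            elif mech == "a" and "/" not in arg:
                matched = str(addr) in lookup(arg or domain, "A")
            elif mech == "mx" and "/" not in arg:
                matched = any(str(addr) in lookup(mx, "A") for mx in lookup(arg or domain, "MX"))
            elif mech == "include":
                # include: only matches when the included domain's record passes.
                matched = check_spf(ip, arg, depth + 1) == "pass"
            else:
                return "permerror"
        except ValueError:
            return "permerror"
        if matched:
            return QUALIFIER_RESULT[qualifier]
    if redirect:
        return check_spf(ip, redirect, depth + 1)
    return "neutral"


def parse_dmarc(domain):
    """Return the DMARC tags for `domain` as a dict, or None if none is published."""
    records = [r for r in lookup(f"_dmarc.{domain}", "TXT") if r.startswith("v=DMARC1")]
    if not records:
        return None
    tags = {}
    for part in records[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def published_mail_addresses(domain):
    """Addresses a receiver learns from the domain's own MX and SPF records.

    This is the exposure the question asks about: an HTTP proxy hides the web
    origin, but anything placed in MX records or ip4:/ip6:/a:/mx terms is
    public by design. Addresses behind include: belong to the relay, so they
    are not listed here.
    """
    addrs = set()
    for mx in lookup(domain, "MX"):
        addrs.update(lookup(mx, "A"))
    for record in spf_records(domain):
        for term in record.split()[1:]:
            mech, _, arg = term.lstrip("+-~?").partition(":")
            mech = mech.lower()
            if mech in ("ip4", "ip6"):
                addrs.add(arg)
            elif mech == "a":
                addrs.update(lookup(arg or domain, "A"))
            elif mech == "mx":
                for mx in lookup(arg or domain, "MX"):
                    addrs.update(lookup(mx, "A"))
    return addrs


if __name__ == "__main__":
    for sender in ("203.0.113.10", "198.51.100.7", "192.0.2.5"):
        print(sender, "->", check_spf(sender, "mysite.com"))
    print("DMARC:", parse_dmarc("mysite.com"))
    print("Public mail addresses:", published_mail_addresses("mysite.com"))
```

With this zone, mail from the relay's range passes through the include, mail from the MX host passes through the mx term, and everything else hits -all and fails; the published_mail_addresses helper shows why a self-hosted MX cannot be hidden the way a proxied web origin can, and why the forwarding or relay setups in the replies above avoid that exposure for inbound or outbound mail respectively.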