Portal Home > Knowledgebase > Articles Database > Hiding Outgoing email IP
Hiding Outgoing email IP
| Posted by WojonsTech, 10-05-2013, 09:04 AM |
| Currently I use mandrillapp for sending my email but noticed that my ip address for my server is still listed in the source of the email. I know i could setup a different server to handle all my email sending (already queue all emails) But the idea would be nice if I dont have to list any of my ip adresses when sending emails when using a service to send emails for me. Does any one have any suggestions.
|
| Posted by Wintereise, 10-05-2013, 09:12 AM |
| Every single SaaS email app does this to offer email server admins a way to block you altogether without having to disrupt any of their other clients.
You're probably out of luck.
|
| Posted by WojonsTech, 10-05-2013, 09:14 AM |
| So you would suggest that I standup a cloud or vps server and let it do all my email sending for?
|
| Posted by Wintereise, 10-05-2013, 09:28 AM |
| I would reconsider my needs for such a setup, firstly.
But if it's an absolute necessity, and this might even be borderline 'spammy,' GRE tunnels/VMs that route your mails will be an easy exit.
|
| Posted by WojonsTech, 10-05-2013, 10:03 AM |
| I am developing a SAAS application. Currently I am useing cloudflare for a lot of the hiding of my ip addresses and so on. After looking up how to get around them Email seems to be something that I am vunrnable to. I am not to worried about script kiddies as i am that my compiteres will try to take down my service.
|
| Posted by gPowerHost, 10-05-2013, 12:57 PM |
| It is bad practice to mask or hide your sending IP for email. Avoid such. Better practice is to isolate the mail function to a server that can be truthful. IP obfuscation, is what spammers do. You will be seen as a spammer and your email will not be respected. There is a purpose for the IP and that is so mailservers can determine who you are. Hiding + Email = Not Good Ever!
|
| Posted by WojonsTech, 10-05-2013, 01:47 PM |
| Is there an issue to having a dedicated server that handles email. Is that considered hiding? When I say dedicated i mean a dedicated, vps, cloud or something and its only feature is to send emails its not part of the http group or anything? I am guessing if That is okay then i need to get the smpt port open or something like that?
|
| Posted by Steven, 10-05-2013, 02:04 PM |
| If you get a dedicated email server you can do something like this?:
http://major.io/2013/04/14/remove-se...-with-postfix/
and then relay the email over. We have successfully done something like this for people who's sites were under massive attacks and were paying cloudflare for protection.
|
| Posted by gPowerHost, 10-05-2013, 02:04 PM |
| Sure. The masking you want to do is presumably to keep some application safe, or not known by IP. I get that. So just put your mail elsewhere and use whatever IP you get. Setup rDNS and PTR records on your mailserver. Assuming you are not hiding your domain, your mailserver box might be mail.yourdomain.com and the IP is whatever your host gives you. Setup your DNS and SOA authoritatively, and ask upstream provider to set your PTR record to mail.yourdomain.com with rDNS match to your IP. Nothing hidden here. Everything setup by the book. It just so happens that yourdomain.com and mail.yourdomain.com are possibly two boxes next to each other or located half way around the planet. No way to tell.
Last edited by gPowerHost; 10-05-2013 at 02:05 PM.
Reason: typo
|
| Posted by WojonsTech, 10-05-2013, 02:17 PM |
| Yeah i have done some reading on stuff like this. Currently since I am using mandrill api and all my emails are already in a queue it would just be a while look script to run on a different server. But this defently gets me off being part of mandrill's rep
|
| Posted by WojonsTech, 10-05-2013, 02:29 PM |
| This is pretty much how it works when I use mandril i have all the ptr records and so on setup the only differenace is i am running the sending mail script on the same host and ip as the site and mandrill is reporting that
|
| Posted by Joe262, 10-05-2013, 03:56 PM |
| Instead of hiding your IP, firewall it.
Configure your firewall so that only you, Cloudflare, and mandrill can access it directly.
|
| Posted by WojonsTech, 10-05-2013, 09:55 PM |
| That stops random people from connecting to i and some low ddos attacks. But does not protect from a real ddos and knowing my ip addresses.
|
| Posted by acegilz, 01-08-2015, 11:40 PM |
| how would the ddos be effective if all ports block the traffic?
|
| Posted by sgtc, 01-09-2015, 12:30 AM |
| That's the beauty of the denial of service attack. I don't even have to really "connect" to you to stop others from connecting to you.
Firewall me at your server and I'll saturate the 100mbps port it's connected to.
Firewall me at your Firewall and I'll saturate the 10gbps port it's connected to.
Firewall me where the fiber enters the building and i'll saturate that.
If you don't believe it's possible, look at the specs on your datacenter's connections and consider that CloudFlare has reported DDOS attacks in the hundreds of gigabits per second range.
|
| Posted by acegilz, 01-09-2015, 12:40 AM |
| thats really impressive.
What should i expect the free package of cloudflare to handle +-? 100mb? 200mbit?
|
Add to Favourites 
Print this Article
Also Read
