Access IMAP server behind Cloudflare Tunnel


I am trying to set-up an access to IMAP server via Cloudflare Tunnel. In this article [Mail server over Cloudflare tunnel? - Zero Trust / Cloudflare Tunnel - Cloudflare Community](Mail server over Cloudflare tunnel? it says it might be possible.

However, I until now I’m yet to figure out how to do it. I’ve tried to set different params, but still it doesn’t get connected. Otherwise, on the same server the same cloudflared instance already serves several websites which are locally on port 443. So it’s CF->LocalNetwork:443. All works.
The IMAP is on the port 143. And CF->LocalNetwork:143 doesn’t get connected.

Basic telnet shows, of course that there is a connection to CF network, but then it doesn’t get tunneled to IMAP server. The server doesn’t get any incoming connection at all.

Does anyone know is that possible in general? So that the user gets connected to IMAP via ClouflareTunnel.

The way you say “so that the user” sounds to me like you have multiple IMAP users (e.g. different people, likely from connecting from different networks) that require access to that IMAP service?

Each individual person would need to have either the cloudflared tunnel daemon or the WARP program installed, and be logged in to your Zero Trust Team in order to be able to accomplish that.

Arbitrary TCP · Cloudflare Zero Trust docs
Connect private networks · Cloudflare Zero Trust docs

1 Like


Thank you for your comment.

Does it mean, that the CloudflareTunnel is not able to provide the tunnel to IMAP when connecting from different networks?

What we currently have is an ExchangeServer that is behind the CF-Tunnel. And for the standard connection via EWS (Exchange Web Services) and EAS (Exchange ActiveSync) it works perfectly. The EWS and EAS both work like HTTP app.

The cloudflared is just installed on the server and points to the subdomain. Any user from any network can connect to the ExchangeServer via the Tunnel.

And I thought that it might work somehow in a similar way for non-HTTP applications as IMAP as well. Without need to install any additional software on the client side.

To accomplish the goal without the need to install software on the client side, you would, as the thread you linked to also refer to, need to do it through something like Spectrum (which requires an Enterprise plan) and which is able to “proxy” non-HTTP traffic.

1 Like