Email Routing and Firewall configuration

What is the name of the domain?

example.com

What is the issue you’re encountering

After my mail server suffered numerous attacks and was exploited to send spam, I decided to use Cloudflare’s Email Routing feature as a relay for receiving emails, while configuring the server firewall to block all connections to port 25 except those from Cloudflare. This is to prevent my server from being attacked. While this solution is theoretically feasible, I encountered some problems during deployment. I used UFW to configure the firewall, and Cloudflare’s API to fetch their IPs. Then, I executed ufw allow from $ip to any port 25 through a script. However, after these steps, my server was unable to receive forwarded emails sent by Cloudflare. Based on the tcpdump log entry: 07:03:22.447110 IP ba-bic.cloudflare-email.net.13603 > mail.mydomain.com.smtp: Flags [S], seq 3197331736, win 65535, options [mss 1380,sackOK,TS val 2835309161 ecr 0,nop,wscale 13], length 0, it seems the connection was never established successfully. However, my configuration on Cloudflare should be correct, because when I execute ufw allow 25, I am able to receive emails forwarded by Cloudflare. Nonetheless, this doesn’t meet my goal of securing the server. I also confirmed that the ba-bic.cloudflare-email.net IP is included in Cloudflare’s IP range. So how can I implement my solution to allow only Cloudflare while achieving proper functionality? Is there any misconfiguration in my setup?
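The procedure described in the post, as an added example that is not part of the original post or of Cloudflare's tooling: a script that turns the Cloudflare IP list (the real https://api.cloudflare.com/client/v4/ips endpoint, sampled here with constructed JSON) into UFW rules whose allow entries are guaranteed to precede the catch-all deny, plus a check over `ufw status numbered` output for the ordering mistake that makes a SYN go unanswered exactly as in the tcpdump line above. The function names and the sample listings are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Builds UFW rules that admit only
# Cloudflare's published ranges on 25/tcp and verifies rule order.

# Constructed sample of the API body; in production replace with:
#   curl -fsS https://api.cloudflare.com/client/v4/ips
SAMPLE_IPS_JSON='{"result":{"ipv4_cidrs":["173.245.48.0/20","103.21.244.0/22"],"ipv6_cidrs":["2400:cb00::/32"]},"success":true}'

# Extract every IPv4 and IPv6 CIDR from the JSON (no jq dependency).
# Both families matter: a relay arriving over IPv6 is not covered by v4 allows.
extract_cidrs() {
  printf '%s' "$1" | grep -oE '"[0-9a-fA-F:.]+/[0-9]+"' | tr -d '"'
}

# Emit the ufw commands in the order they must be applied. UFW matches the
# first rule that fits, so "ufw allow from ..." appended *after* an existing
# "deny 25" is never reached. Remove any earlier catch-all first, add the
# allows, then re-append the deny last.
build_rules() {
  printf 'ufw delete deny proto tcp from any to any port 25\n'
  for cidr in $(extract_cidrs "$1"); do
    printf 'ufw allow proto tcp from %s to any port 25\n' "$cidr"
  done
  printf 'ufw deny proto tcp from any to any port 25\n'
}

# Read an "ufw status numbered" listing on stdin; return non-zero when a DENY
# on 25/tcp precedes an ALLOW on 25/tcp (the relay's SYN is then dropped).
check_order() {
  awk 'BEGIN { bad = 0; deny_seen = 0 }
       /25\/tcp/ && /DENY/ { deny_seen = 1 }
       /25\/tcp/ && /ALLOW/ && deny_seen { bad = 1 }
       END { exit bad }'
}

# Constructed listings: the failing order and the working order.
BAD_STATUS='[ 1] 25/tcp                     DENY IN     Anywhere
[ 2] 25/tcp                     ALLOW IN    173.245.48.0/20'
GOOD_STATUS='[ 1] 25/tcp                     ALLOW IN    173.245.48.0/20
[ 2] 25/tcp                     DENY IN     Anywhere'

main() {
  build_rules "$SAMPLE_IPS_JSON"
  if printf '%s\n' "$BAD_STATUS" | check_order; then
    echo "rule order ok"
  else
    echo "deny precedes allow: relay connections to port 25 will be dropped"
  fi
}
main "$@"
```

Run the check against the live `sudo ufw status numbered` output on the server; if it reports the deny-before-allow order, re-applying the rules in the order `build_rules` prints restores the relay without opening port 25 to everyone.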