Forwarded emails are not from published IP ranges

I’m configuring the firewall on our server for receiving mails from Cloudflare. Recently, there is a firewall log about rejecting a connection from 104.30.8.153 to port 25. IP Ranges does not have a CIDR range for that IP. Is there something wrong?

The IPs on that site are those used by the proxy service.

To find the IPs used by email forwarding, you can check the SPF record:

dig +short _spf.mx.cloudflare.net txt
"v=spf1 ip4:104.30.0.0/19 ip6:2405:8100:c000::/38 ~all"

IPs are also listed here: Postmaster · Cloudflare Email Routing docs

Though the documentation only shows a /20, while the SPF record has a /19.

2 Likes

Got it, thank you very much!

Though the documentation only shows a /20, while the SPF record has a /19.

Hmm, hope Cloudflare will update either documentation or the SPF record. I will use the larger range for now.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.