MX Records Security

So my site is more subject to attacks than most and my top priority is keeping my origin IP hidden to prevent DDoS attacks on my origin.

Currently my MX points to a subdomain that is proxied through Cloudflare and it appears to be working just fine, but I can’t seem to use that domain for IMAP connections.

How can I allow people to connect to my domain using IMAP / POP clients without exposing my origin IP?

You can’t because Cloudflare by default supports only HTTP/HTTPS traffic on specific ports. The IP for IMAP, SMTP, POP, SSH, etc. needs to be direct.

Note that the actual MX record will point to a different record created automatically which exposes the IP directly for the very specific reason above.

The solution (apart from the usual recommended one: get a third-party provider) would be to move up to the ENT plan with Spectrum, but that is very expensive.
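The exposure described in the reply above can be checked against an export of the zone's records. This is an added example, not part of the original thread or any Cloudflare tooling; the record layout (`name`/`type`/`content`/`proxied`), the hostnames and the `203.0.113.10` origin address are constructed assumptions.

```python
# Added example: audit a DNS zone export for records that reveal the origin IP.
# Record layout and every value below are constructed for illustration.
ORIGIN_IP = "203.0.113.10"  # documentation-range placeholder for the origin

ZONE = [
    {"name": "example.com", "type": "A", "content": "203.0.113.10", "proxied": True},
    {"name": "mail.example.com", "type": "A", "content": "203.0.113.10", "proxied": True},
    {"name": "imap.example.com", "type": "CNAME", "content": "direct.example.com", "proxied": False},
    {"name": "direct.example.com", "type": "A", "content": "203.0.113.10", "proxied": False},
    {"name": "example.com", "type": "MX", "content": "mail.example.com", "proxied": False},
    {"name": "hosted.example.com", "type": "MX", "content": "mx.mailhost.example", "proxied": False},
]


def resolve(zone, name, depth=0):
    """Follow CNAMEs inside the zone; return (ip, proxied) pairs for name."""
    if depth > 8:  # guard against CNAME loops
        return []
    out = []
    for r in zone:
        if r["name"] != name:
            continue
        if r["type"] in ("A", "AAAA"):
            out.append((r["content"], r["proxied"]))
        elif r["type"] == "CNAME":
            # A proxied CNAME is answered with proxy addresses, hiding its target.
            out += [(ip, p or r["proxied"]) for ip, p in resolve(zone, r["content"], depth + 1)]
    return out


def exposed_origin_records(zone, origin_ip):
    """Return sorted (name, type, reason) for records that publish origin_ip."""
    findings = set()
    for r in zone:
        if r["type"] in ("A", "AAAA", "CNAME") and not r["proxied"]:
            if any(ip == origin_ip and not p for ip, p in resolve(zone, r["name"])):
                findings.add((r["name"], r["type"], "DNS-only record resolves to origin"))
        elif r["type"] == "MX":
            for ip, proxied in resolve(zone, r["content"]):
                if ip == origin_ip:
                    # Mail cannot use the HTTP proxy, so the published MX ends up direct.
                    why = ("MX target is proxied; published MX exposes the direct IP"
                           if proxied else "MX target resolves to origin")
                    findings.add((r["name"], "MX", why))
    return sorted(findings)
```

An MX that points at a third-party mail host (`hosted.example.com` in the sample) produces no finding, which matches the recommendation in the replies.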


Outside of Spectrum, my suggestion is to move to a hosted email provider since then they (Google or Microsoft) use their own anti-DDoS mechanisms and it reduces your overhead of dealing with running a full email server.


Thank you guys for your feedback. I was trying to avoid outsourcing my email servers but I guess that’s the best solution. I know that my server can handle DDoS attacks but was just trying to add another layer of security.

