SMTP not working when CNAME proxied

When I set the CNAME for mail.example.com to proxied, as recommended, my website is unable to send out mail using the Post SMTP plugin. The connectivity test shows unable to connect.

As soon as I set the CNAME to DNS-only, it works fine. But I would prefer to have it proxied to hide the IP.

Do I have some settings incorrect?

No, you do not. Cloudflare doesn’t proxy SMTP traffic unless you use Spectrum on an Enterprise plan.

https://developers.cloudflare.com/fundamentals/reference/network-ports/

2 Likes

Makes sense. So I guess I can’t hide my IP if I want to continue using the SMTP plugin?

Just curious how much “exposure” I really have with that DNS-only CNAME record? After all, the SPF record also has the IP, although that would require actually reading the TXT record vs. just doing the lookup on the CNAME.

What someone can do is guess that you might have a mail DNS entry and look that up, then see if that address also listens on ports 80/443. Then they have the address of your web server. mail is a pretty easy one to guess and is definitely something anyone targeting you will check for.

You can decide how much of a problem this is for you.

You say you’re using this to send email; does that mean you’re not receiving email on that server at all? If that’s the case then this gets a lot easier.

If it’s a send-only setup, then there is no reason at all you need to have that mail DNS entry. That name exists so you can put it in your WordPress settings for the SMTP plugin, right? Nothing else is using it. So for starters you could name it yourmom.example.com just as easily, and put that in your settings, and then people wouldn’t be able to guess it. You would have to change the DNS record and change the configuration of the email server, to use the new name. (Again, this is assuming it’s a send-only setup.)

You can also do tricks like having the mail server only listen on a local IP address and have the WordPress plugin connect to that instead, but that’s getting into more sysadmin stuff, so if you don’t know what I mean by that, that’s probably not something you’ll be able to set up yourself.

3 Likes
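Added example (not part of the thread or any poster's code): a Python check to run over an export of your own zone, listing every DNS-only A/AAAA/CNAME record and SPF TXT record that publishes the address sitting behind your proxied records. The record field names and the sample zone are constructed, and treating a proxied name as answering with proxy addresses is an assumption.

```python
import ipaddress

# Constructed sample zone (documentation addresses); field names are assumptions.
ZONE = [
    {"name": "example.com", "type": "A", "content": "203.0.113.10", "proxied": True},
    {"name": "mail.example.com", "type": "CNAME", "content": "host1.example.com", "proxied": False},
    {"name": "host1.example.com", "type": "A", "content": "203.0.113.10", "proxied": False},
    {"name": "example.com", "type": "TXT", "content": "v=spf1 ip4:203.0.113.10 -all", "proxied": False},
    {"name": "status.example.com", "type": "A", "content": "198.51.100.7", "proxied": False},
]

def origin_ips(zone):
    """Addresses behind proxied records, i.e. the ones the proxy should hide."""
    return {ipaddress.ip_address(r["content"]) for r in zone
            if r["proxied"] and r["type"] in ("A", "AAAA")}

def public_ips(name, zone, seen=()):
    """Addresses a public lookup of `name` returns via DNS-only A/AAAA/CNAME."""
    ips = set()
    for r in zone:
        if r["name"] != name or r["proxied"]:
            continue  # assumption: a proxied name answers with proxy addresses
        if r["type"] in ("A", "AAAA"):
            ips.add(ipaddress.ip_address(r["content"]))
        elif r["type"] == "CNAME" and r["content"] not in seen:
            ips |= public_ips(r["content"], zone, seen + (name,))
    return ips

def spf_ips(txt, candidates):
    """Candidates covered by an ip4:/ip6: mechanism of an SPF TXT record."""
    if not txt.lower().startswith("v=spf1"):
        return set()
    nets = [ipaddress.ip_network(t.lstrip("+-~?")[4:], strict=False)
            for t in txt.split()[1:]
            if t.lstrip("+-~?").lower().startswith(("ip4:", "ip6:"))]
    return {ip for ip in candidates for n in nets
            if ip.version == n.version and ip in n}

def audit(zone):
    """List (name, type, leaked addresses) for each DNS-only record that leaks."""
    hidden, findings = origin_ips(zone), []
    for r in zone:
        if r["proxied"] or r["type"] not in ("A", "AAAA", "CNAME", "TXT"):
            continue
        leaked = (spf_ips(r["content"], hidden) if r["type"] == "TXT"
                  else hidden & public_ips(r["name"], zone))
        if leaked:
            findings.append((r["name"], r["type"], sorted(map(str, leaked))))
    return findings
```

With the sample zone, `audit(ZONE)` reports the `mail` CNAME, the host record it points to, and the SPF record; `status.example.com` is not reported because it points at a different machine.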

@i40west yes, that’s exactly what I need, thank you for the info!

1 Like
