Cloudflare Proxy

Techout

Hey there! I’ve just completed the MailCow installation, however, I’m wondering if it’s possible to hide the server’s IPv4 & IPv6 address to prevent attacks and such things with Cloudflare or anything similar.

Any suggestions are greatly appreciated.

Sincerely,
Jean F.

pkernstock

To my knowledge it’s only possible with Cloudflares’ Enterprise plan, which starts at about 5000 per month (from what I’ve read like 3 years ago). With all other plans, you need to disable the proxy as it doesn’t passthrough SMTP/POP3/IMAP, needed for a mailserver, or mailcow in this case.

Techout

pkernstock Would I be able to proxy the Web UI only & leave the other records unproxied? Or, possibly change the SMTP/POP3/IMAP ports to something CF allows?

pkernstock

tl;dr: No.

You can only change this on a subdomain basis, so either mail.domain.tld goes through Cloudflare or not. So not, you can’t set that for specific ports. Also Cloudflare does, to my knowledge, not allow non-HTTP-traffic to bypass.

If you change the SMTP port to something else, nobody is able to send you emails as TCP/25 is always being used by othe rmailservers.

Techout

Ah I see, any tips on preventing DDoS attacks? Currently using Hetzner Cloud & as you may know, their DDoS protection isn’t entirely the best, however, it works for basic attacks.