Back to Community Threads
3
Can I put smartermail behind a proxy (e.g. CloudFlare)
Question asked by Amit Prabhu - 6/14/2022 at 7:00 PM
Unanswered
As in title pretty much. I'm working to reduce my organisation's attack surface from external threats; so far we've made rather successful use of Geo blocking and restricting access to Smartermail's web interface from certain regions. But now as we start using cloudflare for this sort of thing, I wonder if I could just drop cloudflare in front of this so the frontend of our system isn't exposed to the internet? What are the considerations before doing this sort of thing?

6 Replies

Reply to Thread
0
Zach Sylvester Replied
6/15/2022 at 7:17 AM
Employee Post
Hey Amit, 

Thanks for reaching out to the community. I haven't heard of anyone using Cloudflare with SmarterMail. But theoretically, it would be like any other IIS site. 
Looking forward to hearing your results. 

Kind Regards, 

Zach Sylvester

System/Network Administrator
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Kyle Kerst Replied
6/15/2022 at 9:44 AM
Employee Post
I have used Cloudflare/SmarterMail together and while most of CF's functionality works nicely, the proxying behavior can lead to trouble with SMTP sessions and spam check verifications and so in my own setup I ended up bypassing the HTTPS and other protocol proxies for best results. 
Kyle Kerst
System/Network Administrator
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
I used with my mail server. MX records should not be proxied. In my view, there is no advantage of using Cloudflare for mail servers.
0
Zach Sylvester Replied
6/16/2022 at 10:52 AM
Employee Post
Hey Nageswara, 

Thank you for posting. I agree here with the MX records. But I think that Cloudflare could be beneficial for the web interface. It could help prevent DDOS attacks etc. 

Kind Regards, 

Zach Sylvester

System/Network Administrator
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Built in DDOS is better than CF's.
0
Lasse B. Replied
9/13/2023 at 1:27 AM
Proxing requests to SmarterMail (eg. to handle some workload on the Webmail) requires SmarterMail to handle the X-Forwarded-For header to get the real IP of the client connecting. Else you just get the IP address of CloudFlare (or your internal proxy) as SmarterMail does not support/handle the X-Forwarded-For header which is a shame. Please implement - it's easy.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Legal Holds and LitigationSmarterMail > Installation and Configuration
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Message Archiving in SmarterMailSmarterMail > Installation and Configuration
Set up Mac mail with IMAPSmarterMail > Desktop and Mobile Synchronization
Overview of EAS vs. MAPI & EWS vs. IMAPSmarterMail > Desktop and Mobile Synchronization