3
Can I put smartermail behind a proxy (e.g. CloudFlare)
Question asked by Amit Prabhu - 6/14/2022 at 7:00 PM
Unanswered
As in title pretty much. I'm working to reduce my organisation's attack surface from external threats; so far we've made rather successful use of Geo blocking and restricting access to Smartermail's web interface from certain regions. But now as we start using cloudflare for this sort of thing, I wonder if I could just drop cloudflare in front of this so the frontend of our system isn't exposed to the internet? What are the considerations before doing this sort of thing?

6 Replies

Reply to Thread
0
Zach Sylvester Replied
Employee Post
Hey Amit, 

Thanks for reaching out to the community. I haven't heard of anyone using Cloudflare with SmarterMail. But theoretically, it would be like any other IIS site. 
Looking forward to hearing your results. 

Kind Regards, 

Zach Sylvester

System/Network Administrator
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Kyle Kerst Replied
Employee Post
I have used Cloudflare/SmarterMail together and while most of CF's functionality works nicely, the proxying behavior can lead to trouble with SMTP sessions and spam check verifications and so in my own setup I ended up bypassing the HTTPS and other protocol proxies for best results. 
Kyle Kerst
System/Network Administrator
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
I used with my mail server. MX records should not be proxied. In my view, there is no advantage of using Cloudflare for mail servers.
0
Zach Sylvester Replied
Employee Post
Hey Nageswara, 

Thank you for posting. I agree here with the MX records. But I think that Cloudflare could be beneficial for the web interface. It could help prevent DDOS attacks etc. 

Kind Regards, 

Zach Sylvester

System/Network Administrator
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Built in DDOS is better than CF's.
0
Lasse B. Replied
Proxing requests to SmarterMail (eg. to handle some workload on the Webmail) requires SmarterMail to handle the X-Forwarded-For header to get the real IP of the client connecting. Else you just get the IP address of CloudFlare (or your internal proxy) as SmarterMail does not support/handle the X-Forwarded-For header which is a shame. Please implement - it's easy.

Reply to Thread