Hey Amit, 

Thanks for reaching out to the community. I haven't heard of anyone using Cloudflare with SmarterMail. But theoretically, it would be like any other IIS site. 

Looking forward to hearing your results. 

Kind Regards, 

I have used Cloudflare/SmarterMail together and while most of CF's functionality works nicely, the proxying behavior can lead to trouble with SMTP sessions and spam check verifications and so in my own setup I ended up bypassing the HTTPS and other protocol proxies for best results. 

I used with my mail server. MX records should not be proxied. In my view, there is no advantage of using Cloudflare for mail servers.

Hey Nageswara, 

Thank you for posting. I agree here with the MX records. But I think that Cloudflare could be beneficial for the web interface. It could help prevent DDOS attacks etc. 

Kind Regards, 

Built in DDOS is better than CF's.

Proxing requests to SmarterMail (eg. to handle some workload on the Webmail) requires SmarterMail to handle the X-Forwarded-For header to get the real IP of the client connecting. Else you just get the IP address of CloudFlare (or your internal proxy) as SmarterMail does not support/handle the X-Forwarded-For header which is a shame. Please implement - it's easy.

Hi SmarterTools

Have a look at the following description on how to implement support for proxies and the X-Forwarded-For header in the newest version of SmarterMail (.NET 8), so logging, displaying etc. of the reel clients IP address are correct whenever the client are jumping through Cloudflare, HA Proxies etc:

Configure services for Mailservice.exe:
    services.Configure<ForwardedHeadersOptions>(options =>
    {
        var knownProxyNetworks = configuration.GetValue("KnownProxyNetworks", "").Split(new[]{',',';'}, StringSplitOptions.RemoveEmptyEntries);
        var networkList = knownProxyNetworks.Select(x => x.ToIpNetwork());

        options.ForwardedHeaders = ForwardedHeaders.All;
        options.KnownNetworks.AddRange(networkList);
    });

app.UseForwardedHeaders();

public static class NetworkExtensions
{
    public static IPNetwork ToIpNetwork(this string cidr)
    {
        try
        {
            var delimiterIndex = cidr.IndexOf('/');
            var ipSubnet = cidr.Substring(0, delimiterIndex);
            var mask = cidr.Substring(delimiterIndex + 1);
            var prefixLength = int.Parse(mask);

            var subnetAddress = IPAddress.Parse(ipSubnet);

            return new IPNetwork(subnetAddress, prefixLength);
        }
        catch
        {
            return new IPNetwork(IPAddress.Parse("127.0.0.1"), 32);
        }
    }
}

This is needed so not everyone can inject a fake IP in the X-Forwarded-For header.
So now you just need to pull the "KnownProxyNetworks" value from the system configuration :)
Eg. KnownProxyNetworks = "192.168.10.5/32;192.168.10.13/32"