There should be no changes to SmarterMail itself, we run Cloudflare on several other Apache based servers, and in that case you add remote_ip to the Apache config and then it passes the real ip to the vhosts, it seems that IIS is similar.
This is the web.config.
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="REMOTE_ADDR" />
</allowedServerVariables>
<rules>
<rule name="Rewrite CF IP to REMOTE_ADDR">
<match url=".*" />
<serverVariables>
<set name="REMOTE_ADDR" value="{HTTP_CF_CONNECTING_IP}" />
</serverVariables>
<action type="None" />
</rule>
</rules>
</rewrite>
</system.webServer>Note there are requirements.
- URL Rewrite module required - This must be installed on your IIS server. You can get it from the Microsoft Web Platform Installer or download it directly.
- The
allowedServerVariables section - You need to explicitly allow REMOTE_ADDR to be overwritten. This can also be configured at the server level in IIS Manager under URL Rewrite → View Server Variables → Add. - Header name format - Cloudflare sends
CF-Connecting-IP, but in IIS server variables, hyphens become underscores and it's prefixed with HTTP_, so it becomes HTTP_CF_CONNECTING_I
Then you need another section to block non CF ip's from connecting, whitelist your own static ips here too.
<system.webServer>
<security>
<ipSecurity allowUnlisted="false" denyAction="Forbidden">
<!-- Cloudflare IPv4 ranges -->
<add allowed="true" ipAddress="173.245.48.0" subnetMask="255.255.240.0" />
<add allowed="true" ipAddress="103.21.244.0" subnetMask="255.255.252.0" />
<add allowed="true" ipAddress="103.22.200.0" subnetMask="255.255.252.0" />
<add allowed="true" ipAddress="103.31.4.0" subnetMask="255.255.252.0" />
<add allowed="true" ipAddress="141.101.64.0" subnetMask="255.255.192.0" />
<add allowed="true" ipAddress="108.162.192.0" subnetMask="255.255.192.0" />
<add allowed="true" ipAddress="190.93.240.0" subnetMask="255.255.240.0" />
<add allowed="true" ipAddress="188.114.96.0" subnetMask="255.255.240.0" />
<add allowed="true" ipAddress="197.234.240.0" subnetMask="255.255.252.0" />
<add allowed="true" ipAddress="198.41.128.0" subnetMask="255.255.128.0" />
<add allowed="true" ipAddress="162.158.0.0" subnetMask="255.254.0.0" />
<add allowed="true" ipAddress="104.16.0.0" subnetMask="255.248.0.0" />
<add allowed="true" ipAddress="104.24.0.0" subnetMask="255.252.0.0" />
<add allowed="true" ipAddress="172.64.0.0" subnetMask="255.248.0.0" />
<add allowed="true" ipAddress="131.0.72.0" subnetMask="255.255.252.0" />
<!-- Add localhost if needed for local testing -->
<add allowed="true" ipAddress="127.0.0.1" subnetMask="255.255.255.255" />
</ipSecurity>
</security>
</system.webServer>More requirements:
1. Install the IP and Domain Restrictions role
2. Unlock the ipSecurity section