I'm using a DNS service and so far I've successfully hidden my server's IP address from appearing to the public (including nslookup to all my subdomains).
The only problem is that my server's IP is still showing in the email header of every sent email. Is there a way to hide it from appearing or change it to something else?
I'm using the CloudFlare service; as for my email service, I'm using qmail.
Why do you want to hide your SMTP server? I don't believe it's possible to hide your IP completely because the receiving server has to know where the connection is coming from for TCP/IP to work (in the same way that your browser has to know an IP address for google.com to load the page). So the receiving server will always know the IP address even if you don't put it in a header.
There are many services that provide SMTP servers if you do not want to use your own and expose it to the world. I'd recommend exploring these options if privacy or security is a concern.
My .Net website uses WebClient to download a resource from another server. I am receiving "403 forbidden" responses from the remote server.
I think there is some sort of firewall issue as the requests work from my home development environment but the same requests are refused when my site is deployed to a web hosting company. I want to find the IP address that the refused requests originate from.
My question is this: is there a way to programmatically find the actual source IP address used by WebClient when it made the request?
I know the public IP address of my website but this might not be the same address WebClient would use for outgoing traffic. Unfortunately I have very limited access to the hosting company shared server and can't see any IIS logs or any other logs of incoming or outgoing traffic. Hence I am trying to get this IP address programmatically.
I have seen SO questions on how to request a specific outgoing IP using BindIPEndPointCallback, but none on how to discover the actual IP used.
How do you hide an origin server behind CloudFlare and still be able to send transactional emails via providers like Sendgrid, Mailgun, etc.?
My problem is that when I send an email it seems that a Received: from line is always added to the message, revealing my origin server's real IP.
I tried it with Sendgrid, both via JSON API and SMTP endpoints, but it's visible in both cases.
How do you solve this problem?
Are there some transactional email providers which do not append this line?
Do you use some complicated setup with a distributed message queue and a worker running on a different host with different IP, only for sending emails?
Do you connect to the providers via a proxy / VPN? Is there such a thing as proxy for SMTP?
In your case we recommend running your email through a different server. You can find some guidance in this KB article. If your IP is still leaked you should contact Cloudflare support.
Run email on separate server/service
If you are running your mail on the same server as your website, then the attacker can always find your origin server IP. To close this possible security gap, you can use an email service on a separate server than your website, whether through your hosting provider or an outside service (e.g., Google Apps).
For Mac users:
You can run this command in Terminal to see what IP is being reported with your MX records:
dig +short $(dig mx +short WEBSITE)
For example, if I was concerned about example.com, I would enter:
dig +short $(dig mx +short example.com)
The output will be an IP address. This is the IP address that an attacker can always find. You want to make sure this IP address is different than the IP address for your web server. Otherwise, no matter how many times you change your web server, if your email is also on the same server, then the attacker can always find the new IP.
For PC users:
You can run this command in command prompt to see what IP is being reported with your MX records:
nslookup -q=mx WEBSITE
For example, if I was concerned about example.com, I would enter:
nslookup -q=mx example.com
The output will be an IP address. This is the IP address that an attacker can always find. You want to make sure this IP address is different than the IP address for your web server. Otherwise, no matter how many times you change your web server, if your email is also on the same server, then the attacker can always find the new IP.
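To verify the result after moving mail off the origin, send yourself a test message and audit its headers. The following is an added example, not part of the original posts or the quoted KB article; the function name, the sample message and its addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Headers that commonly record the submitting client's address.
LEAK_HEADERS = ("Received", "X-Originating-IP")
# IPv4 dotted quad, or a colon-separated run that might be IPv6.
IP_CANDIDATE = re.compile(
    r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)|[0-9A-Fa-f]*:[0-9A-Fa-f:]+")

# Constructed sample: web01 (203.0.113.10) submits to a relay, which then
# delivers to the recipient's server. The relay recorded the origin address.
SAMPLE = """\
Received: from mx.provider.example (mx.provider.example [198.51.100.7])
\tby mail.recipient.example with ESMTPS; Mon, 01 Jan 2024 10:15:02 +0000
Received: from web01.example.com (unknown [203.0.113.10])
\tby mx.provider.example with ESMTPSA; Mon, 01 Jan 2024 10:15:00 +0000
From: app@example.com
To: user@recipient.example
Subject: Order confirmation

Thanks for your order.
"""

def find_origin_leaks(raw_message, origin_ips):
    """Return (header, value) pairs in which one of origin_ips appears."""
    origins = {ipaddress.ip_address(ip) for ip in origin_ips}
    leaks = []
    msg = message_from_string(raw_message)
    for name in LEAK_HEADERS:
        for value in msg.get_all(name, []):
            # "[IPv6:2001:db8::1]" literals carry a tag that is not part
            # of the address, so drop it before tokenizing.
            text = re.sub(r"(?i)ipv6:", " ", value)
            for token in IP_CANDIDATE.findall(text):
                try:
                    addr = ipaddress.ip_address(token)
                except ValueError:
                    continue  # timestamps and similar look-alikes
                if addr in origins:
                    # Unfold the header so it prints on one line.
                    leaks.append((name, " ".join(value.split())))
                    break
    return leaks

if __name__ == "__main__":
    for header, value in find_origin_leaks(SAMPLE, ["203.0.113.10"]):
        print(f"origin IP exposed in {header}: {value}")
```
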
So I have a shared hosting account that uses DirectAdmin. I have a domain that I own that is my live site. I wanted a testing environment too, but since DirectAdmin costs money, instead of setting up a local dev server, I set up a new domain (devsite.org) on my shared host. Since I didn't want to buy another domain name for testing, I just edited the hosts file (C:\Windows\System32\drivers\etc\hosts) pointing devsite.org to my shared IP address.
This works great, until I try to do any kind of work with email on my dev site. What I need to accomplish (and mimic from my live site) is to send an email to announce@devsite.org that is piped to a cgi script (handled through email forwarding in DirectAdmin). However, when I send an email from my gmail, it is undelivered because gmail doesn't know about this made up domain address.
I talked with my hosting company and they said I could set up a local mail server to work around this, but I'm fairly lost in what that means. Does anyone have any input or thoughts or even search terms to google? Is it as simple as editing some hosts file, but for emails?
Any help is appreciated! Thanks.
Gmail won't deliver to your host because it doesn't know what IP address maps to "devsite.org" because you didn't buy "devsite.org" on the public internet. Your host knows which IP address maps to that because you edited the hosts file.
The alternative being suggested is that the mail be sent from your machine, which has the mapping between devsite.org and the IP address you want to associate with that (for private testing). Setting up a mail server so you can send mail from that machine with the altered hosts file is relatively common compared to other server setup tasks, and you can likely find some tutorials online. Did your hosting company mention any specific mail server they suggest setting up?
As another possible alternative, have you tried emailing that address but replacing "devsite.org" with the public IP address of the server, in the e-mail address?
I'm just wondering, can 2 or more different external hostnames/DNS names redirect to multiple local servers on the same port?
Let's see, I have 2 internet DNS domains, for example myserver1.com and myserver2.com, and both have the same A record pointing to my forwarded server IP (e.g.: 102.123.123.123). My server, which only has the 102.123.123.123 IP address, has 2 application servers, but instead of trying to make them work, I use a different port for each server application; for example, serverApp1 listening to 0.0.0.0:2010, serverApp2 listening to 0.0.0.0:2020.
My point is, is there any way to forward myserver1.com:2000 to serverApp1 (port 2010), and myserver2.com:2000 to serverApp2 (port 2020), when both myserver1.com and myserver2.com have the same A record?
I'm quite sure it is either an iptables, /etc/hosts or BIND issue, but guide me if I missed something. And by the way, the servers and DNS records are accessible from the internet, that is, the firewalls are configured properly. Thanks.
I don't have much experience in that, but I think you will need a third server/firewall/proxy listening for the incoming host and route it accordingly.
Again, I don't have much experience in that, so I'm not sure if the firewall is able to do that.
I think you can use redirection servers like Apache.
In my application we want to access a lot of intranet servers from the internet. So what we did was configure an Apache with all the mappings in httpd.
So whenever a request to Apache comes, it will be redirected appropriately.
For example, I have two servers or hostnames in the intranet:
1) abc.com:7300/context1
2) xyz.com:8900/context2
We configured an Apache with host name abcxyz.com:9000. When a request like abcxyz.com:9000/context1 comes, it will be redirected to abc.com:7300/context1, and when a request like abcxyz.com:9000/context2 comes, it will be redirected to xyz.com:8900/context2.
In your case since the requests are going through the single server (102.123.123.123), you can use redirection.
Hope it helps.
I've recently set up my Ubuntu web server with exim4 so my PHP website applications can send email such as "thank you" and "confirmation" notices.
I've got it set up and working such that I can send email to gmail, Yahoo! and my work address. However, my work email gets caught up in our spam filter. I'm new to setting up mail servers so I'm not sure what I might need to look for in making this mail server more trusted, while keeping it secure.
Here are some details:
Server is NATed behind a firewall.
Firewall has port 25 open for outgoing SMTP traffic (from server to anywhere).
Server is virtual hosting a couple of our different websites.
The server is running the following exim4 config:
dc_eximconfig_configtype='internet'
dc_other_hostnames='web-serv.example1.com;example2.com'
dc_local_interfaces='127.0.0.1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
Questions:
Do I need to open port 25 to incoming SMTP mail (anywhere to server)? I wonder if other mail servers need to talk to my mail server to verify itself, in a sort of handshake attempt.
I have not created any MX records, primarily because the server has different websites on it and the mail server should send mail for all the websites. Do I need to pick/create a domain address and create MX records for it?
One thing of note is that the mail headers look like this:
Return-Path: <www-data@example2.com>
Received: from web-serv.example1.com ([Firewall public IP Address])
Received-SPF: neutral (google.com: [Firewall public IP Address] is neither permitted nor denied by best guess record for domain of www-data@example2.com)
"web-serv" is the host name of the server, such that you get this if you type it into the command line:
$ hostname
web-serv
and "www-data" is the account name for the Apache2 server that Ubuntu gave it as default.
Any other general advice would be appreciated. It's all new to me.
Cheers!
One item of note, since I posted this question some time ago (almost 10 months), is that I found out the biggest issue I had was with setting up the DNS for reverse DNS on our hosting provider's side of things.
In other words, our hosting provider (the people who give us our IP address and manage our hardware) had to enter a record to match my server(s) hostname to whatever IP address it used.
There's a specific name for this. I believe it's a "PTR" record but the name escapes me at the moment, but you basically tell them "my server hostname is ..." and they do a quick update to the DNS for reverse DNS purposes.
When I asked this question, we had a different hosting provider who didn't really help explain this to me, and after switching providers, I got to talk to someone who was happy to help me understand that side of the equation.
And as I understand it, this is set up by the people who assign you the IP addresses. But there's probably more to it than that.
Once I got that set up properly, email had no problem getting through the spam filters and Gmail/Yahoo showed SPF as "passed". It was showing neutral before.
Our company email was set to drop any email that would not resolve reverse DNS, which is why I could not even receive the email or find it in the spam filter. Of course, that situation would be dependent on the company and what email policy and software they're using to manage spam. Some might just drop all email that does not reverse DNS and some might dump it into spam filters instead.
Hope that might help some people with similar issues.
Cheers!
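The reverse DNS check described in this answer can be run before sending any mail. The following is an added example, not part of the original post: it tests whether the sending IP has a PTR record, whether that name resolves back to the same IP, and whether it matches the hostname the server announces. The function names and the injectable `ptr`/`fwd` lookups are assumptions made so the logic can be exercised offline.

```python
import ipaddress
import socket

def reverse_lookup(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # socket.herror / socket.gaierror: no PTR record
        return []
    return [name, *aliases]

def forward_lookup(name):
    """A/AAAA addresses for name from the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})

def normalize(name):
    return name.rstrip(".").lower()

def check_reverse_dns(ip, helo_name, ptr=reverse_lookup, fwd=forward_lookup):
    """Check PTR presence, forward confirmation and HELO/PTR agreement."""
    target = ipaddress.ip_address(ip)
    names = [normalize(n) for n in ptr(ip)]
    # A PTR name counts only if it resolves back to the sending IP.
    confirmed = [
        n for n in names
        if any(ipaddress.ip_address(a) == target for a in fwd(n))
    ]
    return {
        "ptr_names": names,
        "forward_confirmed": bool(confirmed),
        "helo_matches_ptr": normalize(helo_name) in confirmed,
    }

if __name__ == "__main__":
    # Placeholder values: substitute the public IP your mail leaves from
    # and the hostname shown in the "Received: from" line.
    print(check_reverse_dns("203.0.113.10", "web-serv.example1.com"))
```

A server like the one in the question, before the hosting provider added the record, would report an empty `ptr_names` list and `forward_confirmed` as false.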