Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Subscribe to our newsletter

Advertise on LowEndTalk.com

Latest LowEndBox Offers

    Bitcoin SMTP
    New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

    Bitcoin SMTP

    edited December 2 in General

    Example: https://luxsci.com/extranet/info/email-smtp-anon.html

    Anyone know of other providers like the one above? Please don't suggest Amazon SES.

    Where can I find an SMTP service that scrubs all email headers including origin IP? This is to prevent DDOS. Currently, the backend server IP is shown in email headers when users get welcome mail or forgot password mail. This is no good as hackers can therefore bypass my DDOS protection I have in place. I also need provider to accept Bitcoin or cryptocurrency. This will NOT be used for spam, that I can guarantee. It will be solely used for transactional emails for a privacy conscious community.

    I'd say only a couple hundred emails per day will likely to be sent. Like I said, I'm NOT in the spam game, user generated emails only!

    Comments

    • hzrhzr Member, Moderator

      SES and Mailchimp both do not send origin IP along.

    • jarjar Provider
      edited December 2

      I remove a received header on remote delivery. So if you're sending to someone remote (ie. not from [email protected] to [email protected]) the original received header showing the system that sent it to my server should be absent. I also accept crypto. Don't get me blacklisted and we're best friends.

      (me = MXroute)

      HB | Block AS9009 (M247) for unfiltered abuse and ignoring abuse complaints

    • NebesNebes Member
      edited December 2

      It is impossible to hide ip from ddos, just two cents, so no sense to care about ip in headers.

    • WebProjectWebProject Member, Provider

      SES is the best, very easy to setup and monitor any issues like health of account and billing.

      VPS Price Match Guarantee on: All our range of DDOS protected XEN-HVM VPS Plans
      Are you looking for best price for self-managed VPS? See WebProVPS website for more details.
    • jarjar Provider

      @Nebes said:
      It is impossible to hide ip from ddos, just two cents, so no sense to care about ip in headers.

      backend server > frontend server > client

      Client sees frontend server. Client attacks frontend, backend protected. But if backend sends email, instead of the frontend sending it, backend IP gets written in a received header and exposed.

      HB | Block AS9009 (M247) for unfiltered abuse and ignoring abuse complaints

    • @jar said:

      @Nebes said:
      It is impossible to hide ip from ddos, just two cents, so no sense to care about ip in headers.

      backend server > frontend server > client

      Client sees frontend server. Client attacks frontend, backend protected. But if backend sends email, instead of the frontend sending it, backend IP gets written in a received header and exposed.

      ^ jar has perfectly described our problem :-)

    • NebesNebes Member

      @jar said:

      @Nebes said:
      It is impossible to hide ip from ddos, just two cents, so no sense to care about ip in headers.

      backend server > frontend server > client

      Client sees frontend server. Client attacks frontend, backend protected. But if backend sends email, instead of the frontend sending it, backend IP gets written in a received header and exposed.

      It is impossible to hide backend server from attack, to hide ip in the email and think that you are safe hm...

    • hzrhzr Member, Moderator

      Nebes said: It is impossible to hide backend server from attack

      I have backend servers that aren't even globally routable other than to/from Akamai...

    • jarjar Provider

      @Nebes said:

      @jar said:

      @Nebes said:
      It is impossible to hide ip from ddos, just two cents, so no sense to care about ip in headers.

      backend server > frontend server > client

      Client sees frontend server. Client attacks frontend, backend protected. But if backend sends email, instead of the frontend sending it, backend IP gets written in a received header and exposed.

      It is impossible to hide backend server from attack, to hide ip in the email and think that you are safe hm...

      Firewall off all access on the back end so that it can only communicate with the frontend. How would you intend to find the back end IP in this average, totally normal setup?

      HB | Block AS9009 (M247) for unfiltered abuse and ignoring abuse complaints

    • NebesNebes Member
      edited December 2

      @jar said:

      @Nebes said:

      @jar said:

      @Nebes said:
      It is impossible to hide ip from ddos, just two cents, so no sense to care about ip in headers.

      backend server > frontend server > client

      Client sees frontend server. Client attacks frontend, backend protected. But if backend sends email, instead of the frontend sending it, backend IP gets written in a received header and exposed.

      It is impossible to hide backend server from attack, to hide ip in the email and think that you are safe hm...

      Firewall off all access on the back end so that it can only communicate with the frontend. How would you intend to find the back end IP in this average, totally normal setup?

      Have no ideas but it cost from 7$ per hour just google it. Just edit - of course i am talking about web servers or anything online.

    • jarjar Provider
      edited December 2

      Nebes said: Have no ideas but it cost from 7$ per hour just google it. Just edit - of course i am talking about web servers or anything online.

      That an IP exists isn't hidden of course, but how many people hit 0.0.0.0/0 when trying to bring down one website? Not even state actors go that far. If the content is on 1.1.1.1 and the frontend is at 1.1.1.2, and 1.1.1.1 only communicates with 1.1.1.2, you'll never be able to confirm that the data is hosted on 1.1.1.1 unless the server leaks it's IP, because the clients are all hitting 1.1.1.2. This is something you can protect against.

      HB | Block AS9009 (M247) for unfiltered abuse and ignoring abuse complaints

    • NebesNebes Member
      edited December 2

      @jar said:

      Nebes said: Have no ideas but it cost from 7$ per hour just google it. Just edit - of course i am talking about web servers or anything online.

      That an IP exists isn't hidden of course, but how many people hit 0.0.0.0/0 when trying to bring down one website? Not even state actors go that far. If the content is on 1.1.1.1 and the frontend is at 1.1.1.2, and 1.1.1.1 only communicates with 1.1.1.2, you'll never be able to confirm that the data is hosted on 1.1.1.1 unless the server leaks it's IP, because the clients are all hitting 1.1.1.2. This is something you can protect against.

      But in above case the problem that 1.1.1.2 is sending emails and NOT 1.1.1.1 that is what I can't understand )) it's like ABC for me

      Damn i give up ))

    • jarjar Provider

      Nebes said: But in above case the problem that 1.1.1.2 is sending emails and NOT 1.1.1.1 that is what I can't understand )) it's like ABC for me

      Let's say the client hits port 80 on 1.1.1.2. It uses reverse proxy to pull the data from 1.1.1.1 and serve it to the client, over their connection with 1.1.1.2. But the software is on 1.1.1.1, so when the software initiates an email send the address making the outbound connection is actually 1.1.1.1. If that makes sense :)

      This is typical of a load balanced setup or a GRE tunnel used for DDOS protection.

      Thanked by 1Nebes

      HB | Block AS9009 (M247) for unfiltered abuse and ignoring abuse complaints

    • Is there an easy way to setup my own SMTP server/relay that strips out email headers and origin IP? Like is there a script or software you suggest that can do this? Maybe I can run my own SMTP server/relay on a DDOS protected spare VM I have laying around? I have heard of things like https://mailcow.email but it seems like way more features than what I need.

    • @theblackesthat said:
      Is there an easy way to setup my own SMTP server/relay that strips out email headers and origin IP? Like is there a script or software you suggest that can do this? Maybe I can run my own SMTP server/relay on a DDOS protected spare VM I have laying around? I have heard of things like https://mailcow.email but it seems like way more features than what I need.

      Isn't this pretty easy to do with postfix header checks?

      echo "/^Received: by/ IGNORE" >> /etc/postfix/header_checks
      echo "/^Received: from/ IGNORE" >> /etc/postfix/header_checks
      echo "header_checks = regexp:/etc/postfix/header_checks" >> /etc/postfix/main.cf
      postfix reload
      

      This is for outbound, if your same server is taking inbound, then switch it on in master.cf.

    • SplitIceSplitIce Member, Provider

      Gsuite & Gmail don't send the source IP address.

      X4B - DDoS Protection: Affordable Anycast DDoS protection including Layer 7 mitigation with PoPs in the US, EU and Asia.
      Latest Offer: Black Friday 2019 Offer
    Sign In or Register to comment.