Bitcoin SMTP

edited December 2019 in General

Example: https://luxsci.com/extranet/info/email-smtp-anon.html

Anyone know of other providers like the one above? Please don't suggest Amazon SES.

Where can I find an SMTP service that scrubs all email headers including origin IP? This is to prevent DDOS. Currently, the backend server IP is shown in email headers when users get welcome mail or forgot password mail. This is no good as hackers can therefore bypass the DDOS protection I have in place. I also need the provider to accept Bitcoin or cryptocurrency. This will NOT be used for spam, that I can guarantee. It will be solely used for transactional emails for a privacy-conscious community.

I'd say only a couple hundred emails per day will likely be sent. Like I said, I'm NOT in the spam game, user generated emails only!

Comments

  • SES and Mailchimp both do not send origin IP along.

  • jar Patron Provider, Top Host, Veteran
    edited December 2019

    I remove a received header on remote delivery. So if you're sending to someone remote (i.e. not from a@domaina to b@domaina) the original received header showing the system that sent it to my server should be absent. I also accept crypto. Don't get me blacklisted and we're best friends.

    (me = MXroute)

  • Nebes Member
    edited December 2019

    It is impossible to hide ip from ddos, just two cents, so no sense to care about ip in headers.

  • WebProject Host Rep, Veteran

    SES is the best, very easy to set up and monitor any issues like health of account and billing.

  • jar Patron Provider, Top Host, Veteran

    @Nebes said:
    It is impossible to hide ip from ddos, just two cents, so no sense to care about ip in headers.

    backend server > frontend server > client

    Client sees frontend server. Client attacks frontend, backend protected. But if backend sends email, instead of the frontend sending it, backend IP gets written in a received header and exposed.

  • @jar said:

    @Nebes said:
    It is impossible to hide ip from ddos, just two cents, so no sense to care about ip in headers.

    backend server > frontend server > client

    Client sees frontend server. Client attacks frontend, backend protected. But if backend sends email, instead of the frontend sending it, backend IP gets written in a received header and exposed.

    ^ jar has perfectly described our problem :-)

  • @jar said:

    @Nebes said:
    It is impossible to hide ip from ddos, just two cents, so no sense to care about ip in headers.

    backend server > frontend server > client

    Client sees frontend server. Client attacks frontend, backend protected. But if backend sends email, instead of the frontend sending it, backend IP gets written in a received header and exposed.

    It is impossible to hide backend server from attack, to hide ip in the email and think that you are safe hm...

  • Nebes said: It is impossible to hide backend server from attack

    I have backend servers that aren't even globally routable other than to/from Akamai...

  • jar Patron Provider, Top Host, Veteran

    @Nebes said:

    @jar said:

    @Nebes said:
    It is impossible to hide ip from ddos, just two cents, so no sense to care about ip in headers.

    backend server > frontend server > client

    Client sees frontend server. Client attacks frontend, backend protected. But if backend sends email, instead of the frontend sending it, backend IP gets written in a received header and exposed.

    It is impossible to hide backend server from attack, to hide ip in the email and think that you are safe hm...

    Firewall off all access on the back end so that it can only communicate with the frontend. How would you intend to find the back end IP in this average, totally normal setup?

  • Nebes Member
    edited December 2019

    @jar said:

    @Nebes said:

    @jar said:

    @Nebes said:
    It is impossible to hide ip from ddos, just two cents, so no sense to care about ip in headers.

    backend server > frontend server > client

    Client sees frontend server. Client attacks frontend, backend protected. But if backend sends email, instead of the frontend sending it, backend IP gets written in a received header and exposed.

    It is impossible to hide backend server from attack, to hide ip in the email and think that you are safe hm...

    Firewall off all access on the back end so that it can only communicate with the frontend. How would you intend to find the back end IP in this average, totally normal setup?

    Have no ideas but it cost from 7$ per hour just google it. Just edit - of course i am talking about web servers or anything online.

  • jar Patron Provider, Top Host, Veteran
    edited December 2019

    Nebes said: Have no ideas but it cost from 7$ per hour just google it. Just edit - of course i am talking about web servers or anything online.

    That an IP exists isn't hidden of course, but how many people hit 0.0.0.0/0 when trying to bring down one website? Not even state actors go that far. If the content is on 1.1.1.1 and the frontend is at 1.1.1.2, and 1.1.1.1 only communicates with 1.1.1.2, you'll never be able to confirm that the data is hosted on 1.1.1.1 unless the server leaks its IP, because the clients are all hitting 1.1.1.2. This is something you can protect against.

  • Nebes Member
    edited December 2019

    @jar said:

    Nebes said: Have no ideas but it cost from 7$ per hour just google it. Just edit - of course i am talking about web servers or anything online.

    That an IP exists isn't hidden of course, but how many people hit 0.0.0.0/0 when trying to bring down one website? Not even state actors go that far. If the content is on 1.1.1.1 and the frontend is at 1.1.1.2, and 1.1.1.1 only communicates with 1.1.1.2, you'll never be able to confirm that the data is hosted on 1.1.1.1 unless the server leaks its IP, because the clients are all hitting 1.1.1.2. This is something you can protect against.

    But in above case the problem that 1.1.1.2 is sending emails and NOT 1.1.1.1 that is what I can't understand )) it's like ABC for me

    Damn i give up ))

  • jar Patron Provider, Top Host, Veteran

    Nebes said: But in above case the problem that 1.1.1.2 is sending emails and NOT 1.1.1.1 that is what I can't understand )) it's like ABC for me

    Let's say the client hits port 80 on 1.1.1.2. It uses reverse proxy to pull the data from 1.1.1.1 and serve it to the client, over their connection with 1.1.1.2. But the software is on 1.1.1.1, so when the software initiates an email send the address making the outbound connection is actually 1.1.1.1. If that makes sense :)

    This is typical of a load balanced setup or a GRE tunnel used for DDOS protection.

  • Is there an easy way to set up my own SMTP server/relay that strips out email headers and origin IP? Like is there a script or software you suggest that can do this? Maybe I can run my own SMTP server/relay on a DDOS protected spare VM I have lying around? I have heard of things like https://mailcow.email but it seems like way more features than what I need.

  • @theblackesthat said:
    Is there an easy way to set up my own SMTP server/relay that strips out email headers and origin IP? Like is there a script or software you suggest that can do this? Maybe I can run my own SMTP server/relay on a DDOS protected spare VM I have lying around? I have heard of things like https://mailcow.email but it seems like way more features than what I need.

    Isn't this pretty easy to do with postfix header checks?

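    # IGNORE deletes each header line that matches the pattern
    echo "/^Received: by/ IGNORE" >> /etc/postfix/header_checks
    echo "/^Received: from/ IGNORE" >> /etc/postfix/header_checks
    # Point Postfix at the regexp table, then reload to pick up the change
    echo "header_checks = regexp:/etc/postfix/header_checks" >> /etc/postfix/main.cf
    postfix reload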

    This is for outbound, if your same server is taking inbound, then switch it on in master.cf.
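
A way to check the result, as an added example that is not part of the original post: the Python below emulates the two IGNORE rules on a constructed message and reports which headers still carry the backend address (1.1.1.1, as in jar's example). The relay name, 203.0.113.25, app01 and the function names are assumptions, and the matcher is a simplified stand-in for Postfix's own header_checks processing.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: what a recipient sees when the app on the backend
# (1.1.1.1 in the thread's example) hands mail to a relay with no scrubbing.
LEAKY = """\
Received: from relay.example.net (relay.example.net [203.0.113.25])
\tby mx.recipient.example with ESMTPS id abc123; Mon, 2 Dec 2019 10:00:01 +0000
Received: from app01 (unknown [1.1.1.1])
\tby relay.example.net (Postfix) with ESMTPSA id 4F2C1A; Mon, 2 Dec 2019 10:00:00 +0000
X-Originating-IP: [1.1.1.1]
Message-ID: <20191202100000.4F2C1A@app01>
From: noreply@example.net
To: user@recipient.example
Subject: Welcome

Hello.
"""

# The two patterns from the header_checks file in the post above.
HEADER_CHECKS = [re.compile(p, re.I) for p in (r"^Received: by", r"^Received: from")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def apply_header_checks(raw, patterns=HEADER_CHECKS):
    """Emulate IGNORE: drop each logical header (with folded lines) that matches."""
    head, sep, body = raw.partition("\n\n")
    # A continuation line starts with space or tab and belongs to the header above.
    headers = re.split(r"\n(?![ \t])", head)
    kept = [h for h in headers if not any(p.search(h) for p in patterns)]
    return "\n".join(kept) + sep + body

def leaked_headers(raw, protected):
    """Return names of headers whose value contains a protected address."""
    protected = {ipaddress.ip_address(a) for a in protected}
    hits = []
    for name, value in message_from_string(raw).items():
        for candidate in IPV4.findall(value):
            try:
                if ipaddress.ip_address(candidate) in protected:
                    hits.append(name)
                    break
            except ValueError:
                continue  # looks like a dotted quad but is not a valid address
    return hits
```

On the constructed message the Received hops disappear but X-Originating-IP still carries 1.1.1.1, so run the audit on a real delivered message rather than assuming the two patterns cover every header.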

  • SplitIce Member, Host Rep

    Gsuite & Gmail don't send the source IP address.
