springcomp / self-hosted-simplelogin

Docker-based self-hosted SimpleLogin.io configuration

MX pointing to app expose IP? #13

Open satoshinotdead opened 3 months ago

satoshinotdead commented 3 months ago

I wonder if it's a good idea to point the MX from the root domain to the app (simple-login), because it seems to expose the IP for those of us who are using Cloudflare on our domains.

Is this behavior something expected?

PS: Thanks for this fantastic guide!

springcomp commented 3 months ago

That’s a good point. I’m not so knowledgeable about networking, unfortunately. Do you have a workaround or guidance that I could look into?

satoshinotdead commented 3 months ago

Well, I would bet that my knowledge on the subject is much less than yours, but from what I understand, the MX record is public. Routing it to the base domain (behind a proxy) would expose the IP address because it can't be hidden behind the proxy.

When using an outsourced email service, the CNAME or MX records are pointed to a different IP address. This prevents exposing the IP address of the server that manages the DNS, which, in this case, also hosts the other services.

I'm not entirely sure how to handle this, but using SL requires a certain level of privacy that unfortunately we're currently missing here.

More context: https://developers.cloudflare.com/dns/manage-dns-records/troubleshooting/exposed-ip-address/
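
An added example, not part of the thread or the project's code: a Python check over a zone export that flags MX targets whose address is one that another record keeps behind the proxy, which is the exposure discussed above. The record fields (`type`, `name`, `content`, `proxied`) follow Cloudflare's DNS record format; the zone contents, `find_mx_exposures` and the finding layout are constructed for illustration.

```python
from ipaddress import ip_address

# Constructed sample zone; field names mirror Cloudflare's DNS record
# fields (type, name, content, proxied). Addresses are documentation ranges.
SAMPLE_ZONE = [
    {"type": "A", "name": "example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "A", "name": "app.example.com", "content": "203.0.113.10", "proxied": False},
    {"type": "MX", "name": "example.com", "content": "app.example.com", "proxied": False},
    {"type": "A", "name": "mail.example.net", "content": "198.51.100.25", "proxied": False},
    {"type": "MX", "name": "example.net", "content": "mail.example.net", "proxied": False},
]

def _norm(name):
    return name.rstrip(".").lower()

def _addresses(records, name, depth=0):
    """Yield (ip, proxied) for a host, following CNAMEs found in the export."""
    if depth > 8:  # guard against CNAME loops
        return
    for r in records:
        if _norm(r["name"]) != _norm(name):
            continue
        if r["type"] in ("A", "AAAA"):
            yield ip_address(r["content"]), r["proxied"]
        elif r["type"] == "CNAME":
            yield from _addresses(records, r["content"], depth + 1)

def find_mx_exposures(records):
    """Return findings where an MX target reveals an IP a proxied record hides."""
    hidden = {}  # origin IP -> names that rely on the proxy to hide it
    for r in records:
        if r["type"] in ("A", "AAAA") and r["proxied"]:
            hidden.setdefault(ip_address(r["content"]), set()).add(_norm(r["name"]))
    findings = []
    for mx in (r for r in records if r["type"] == "MX"):
        for ip, proxied in _addresses(records, mx["content"]):
            if ip not in hidden:
                continue
            # Mail is not carried by the HTTP proxy, so a proxied target still needs its real IP published.
            reason = "target_is_proxied" if proxied else "dns_only_shares_origin_ip"
            findings.append({"mx_for": _norm(mx["name"]), "target": _norm(mx["content"]),
                             "ip": str(ip), "reason": reason, "hidden_names": sorted(hidden[ip])})
    return findings

if __name__ == "__main__":
    for finding in find_mx_exposures(SAMPLE_ZONE):
        print(finding)
```

An empty result means no MX target in the export shares an address with a proxied record, for instance when mail is received on a separate host or IP.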