How to prevent exposing origin IP address on Cloudflare?

security ip cdn cloudflare
user1995781 picture user1995781 · Apr 12, 2016 · Viewed 14.3k times · Source

On Cloudflare DNS setting page it state that An A, AAAA, CNAME, or MX record is pointed to your origin server exposing your origin IP address.

I have an MX record on my domain pointing to mail.mydomain.com. I believe it is something needed for the mail to work. How can I prevent it from exposing my origin IP address?

Answer

BinaryEvolved picture BinaryEvolved · Apr 13, 2016

CloudFlare forwards your traffic through their network by replacing the IP in DNS records with CloudFlare's IP. This process works well in all situation except mail servers. CloudFlare does not offer any service for forwarding mail and as such when you take a MX record and point it to a CloudFlare forwarded domain, CloudFlare will give away server's real IP.

Instead a better practice is to use a third party mail service (such as Zoho, or Google Apps, etc.), or have your mail server running on a different IP. You can then point the MX record to the new record or mail server not located on your machine, and keep the real IP hidden safely.

Good luck

Related questions

API for checking blacklisted ip addresses?

I would like to check a list of ip addresses and see if they are blacklisted (which would make me block them on my server). Which recommended websites offer such a service?

Read More
How can you block or filter IP addresses on Heroku?

Is there a way to implement IP filtering or IP access rules much like I would with nginx/apache to restrict or block certain IPs on Heroku? Note: I know this can be done from within my application (Rails 3.2) very …

Read More
PHP most accurate / safe way to get real user IP address in 2017

What is the most accurate way to get user's IP address in 2017 via PHP? I've read a lot of SO questions and answers about it, but most of answers are old and commented by users that these ways are unsafe. …

Read More