-1

Two questions, two problems.

I use Cloudflare so I don't reveal my IP, but there is a problem: I cannot use Cloudflare for my mail server. Now I am under DDoS because mail.example.com is exposed. Is there a way to change the name of the subdomain for the mail server so that it does not use mail, for example so that I use abc, so that they cannot just easily find where my mail server is?

Another thing: why does my website show up when I go to mail.example.com?

I mean, is that right? I thought it was an issue that my site is showing under the address for the mail server.

Tim
xxxxx
  • Give us some help? What mail server are you running? What's the domain? Do you have an example of your DNS zone? Have you spoken to CloudFlare? – Zapto Jun 24 '16 at 19:23
  • Also you should open a second question for your second issue. – Zapto Jun 24 '16 at 19:23

2 Answers

1

The only requirement for incoming email is that you have an MX record that is an A record. That MX record could be any hostname, and it doesn't even have to be a subdomain of your domain. So, there's no problem with using abc.example.com.

With regard to the website showing when accessed by mail.example.com, that really depends on how you have your webserver set up. Most webservers currently will use virtual hosting to determine the content to serve based on the hostname, and not just the IP address. You have a few options. The best option is to block all traffic that does not come from Cloudflare. If your firewall can handle it, perhaps you could block port 80 and 443 traffic, and then whitelist the Cloudflare IP addresses. Or on the web server level, for instance with Apache, you could add a deny from all line and then an allow from <ip> for each of their IPs, which you get from them. If that is not an option, perhaps you could set up your web server to simply deny any request for that host. For instance, if you are using Apache, you could drop a .htaccess file in the document root which contains something like:

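# Redirect any request whose Host header is not example.com or www.example.com
RewriteEngine On
RewriteCond %{HTTP_HOST} !^(www\.)?example\.com$ [NC]
RewriteRule ^ http://example.com/ [R=302,L]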

This would redirect traffic to your actual site, which you have resolving through the third party.

If that doesn't work, you could perhaps place some PHP code in an index.php file which does something similar.

DKing
0

If you don't want to reveal your public IP you can't have any DNS record pointing to it. Sounds like you set up an A record, which isn't required, you just needed an MX record. Suggest you remove the A record and sign up for hosted email, Google or FastMail are good options, but there are plenty. Point your MX record at the hosted email, and set up SPF as well.

You could change your public IP. Also, in CloudFlare, turn on "I'm under attack" mode, which will help a lot. Make sure the "orange cloud" is turned on in the DNS screen.

Tim
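An added example, not part of either answer: a Python check over the public view of a zone that lists every record disclosing the origin IP, which shows why renaming mail to abc hides nothing while the MX record still names that host. The record list, the RFC 5737 documentation addresses and the function names are constructed for illustration, and the SPF check goes one step beyond what the answers state.

```python
import ipaddress
import re

# Constructed public view of a zone (RFC 5737 documentation addresses).
# Proxied names already resolve to the CDN edge; 198.51.100.7 stands for the origin.
PUBLIC_RECORDS = [
    ("example.com", "A", "203.0.113.10"),
    ("www.example.com", "CNAME", "example.com"),
    ("abc.example.com", "A", "198.51.100.7"),
    ("example.com", "MX", "10 abc.example.com"),
    ("example.com", "TXT", "v=spf1 ip4:198.51.100.0/24 -all"),
]

def resolve(name, records, depth=0):
    """Follow A and CNAME records for name; return the set of IPs it reaches."""
    ips = set()
    if depth > 8:  # guard against CNAME loops
        return ips
    for owner, rtype, value in records:
        if owner != name:
            continue
        if rtype == "A":
            ips.add(ipaddress.ip_address(value))
        elif rtype == "CNAME":
            ips |= resolve(value.rstrip("."), records, depth + 1)
    return ips

def find_origin_leaks(records, origin_ip):
    """Return sorted (owner, type, reason) tuples for records that disclose origin_ip."""
    origin = ipaddress.ip_address(origin_ip)
    leaks = set()
    for owner, rtype, value in records:
        if rtype in ("A", "CNAME") and origin in resolve(owner, records):
            leaks.add((owner, rtype, "resolves to origin"))
        elif rtype == "MX":
            # The MX target is published by name, whatever that name is.
            target = value.split()[-1].rstrip(".")
            if origin in resolve(target, records):
                leaks.add((owner, rtype, f"mail host {target} resolves to origin"))
        elif rtype == "TXT" and value.startswith("v=spf1"):
            for net in re.findall(r"\bip4:(\S+)", value):
                if origin in ipaddress.ip_network(net, strict=False):
                    leaks.add((owner, rtype, f"SPF ip4:{net} covers origin"))
    return sorted(leaks)

if __name__ == "__main__":
    for owner, rtype, reason in find_origin_leaks(PUBLIC_RECORDS, "198.51.100.7"):
        print(f"{owner:18} {rtype:5} {reason}")
```

With the MX pointed at a hosted mail provider and the direct A record removed, the same check returns an empty list.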