Cloudflare and relaying with two Cloudron Servers

cdrm

Hello, is the following configuration feasible? If so, can anyone provide a step-by-step guide on how to set this up? Thanks.

• Relay server = Cloudron 1 = mydomain1.com.
• Main server = Cloudron 2 = mydomain2.com.
• I want to be able to send out emails at hello@mydomain2.com via apps on Cloudron 2 using the relay, so I can obscure the IP of Main server.
• Incoming emails @ mydomain2.com are accessible on apps on Cloudron 2.
• Main server IP address is obscured.
• Relay server IP is not (does not have to be) obscured.

robi

It's covered on the forum and in the docs.

See https://forum.cloudron.io/post/9324

girish

How is all this related to Cloudflare? Cloudflare does not relay emails, only http requests.

cdrm

@robi That post and the documentation do not go into the specifics of setup.

I've attempted setup myself, I got as far as setting up Cloudron 2 > Email > Outbound relay settings to use Cloudron 1, and I have included an SPF record for domain 1 in the configuration of domain 2. I'm not sure how to configure DKIM. I've also seen mentioned in the Cloudron docs a "Domain verified" setting requisite -- I do not see such an option in the Cloudron email server settings.

When I try to send out an email on Cloudron 2, I get something along the lines of:
Error 550 authenticated user [relay address on server 1] cannot send mail as [sending address on server 2]

@girish Cloudflare is not strictly relevant for the solution, but I am using it for mydomain1.com and I do not want the origin server exposed, hence the relay requirement -- I imagine this kind of setup isn't entirely uncommon.

robi

@cdrm see: https://forum.cloudron.io/post/52997

cdrm

I have updated my setup as per the link above i.e. the relay server has the main server's domain and I have a "relay" email inbox set up in there.

I am able to send emails if the sending and relay email addresses match. But it doesn't work if the sending email is different to the relay email e.g. send@domain2.com > relay@domain2.com > destination email (Error: 550 Authenticated user relay@domain2.com cannot send mail as send@domain2.com)

At this point, I think I may as well manually repoint my email clients on the main server to use the relay server as the email server. I will test this method out w.r.t sending, receiving and verified dns settings.

robi

@cdrm Yes, it's a precise mapping.

For some of the differences you may be able to use aliases for the relay user, such as 'send'.

cdrm

Following my previous post, I've set things up using the alternative method:

• Setup the cloudflare "obscured" cloudon using domain 1, and the "mail" cloudron using domain 2.
• Add domain 1 as an additional domain in the mail cloudron.
• Add a mailbox for domain 1 in the mail cloudron. DNS records for domain 1 should automatically update without exposing the obscured cloudron server.
• Use the SnappyMail app on the obscured cloudron (as far as I know, it's the only email app that allows connecting to external email servers). You need to access the admin page to be able to add in external email servers.
• Login with any email address as needed.

The potential downside is that all email addresses need to be set up on the mail cloudron, which can mean duplicating users across the two cloudrons. Fortunately, there is the shared LDAP feature in cloudron (which I think is only available account-wide with a paid subscrption?)

girish

@cdrm the shared LDAP is available from 7.6.4 in all plans.