XF 1.5 How to hide IP in notification email headers etc?

[Codeless]

Hi,

I'm getting DDOSSED to the hilt. Now using CloudFlare and have a new IP for the forums. It appears the IP can be revealed still as it's in the email headers.

How can I mask this or prevent this from happening?

As at the moment I have had to disable all email features including email to friend, contact us forms, notification emails and even human verification for new users.



Can anybody help? Ever had this before?

 

[Mike]

The traditional approach would be to configure your server to relay mail to another server which then scrubs the original IP details (for example: https://major.io/2013/04/14/remove-sensitive-information-from-email-headers-with-postfix/) and then that server sends the mail.

 

[Codeless]

thanks @Mike sorry i dont want to do this .

what if i change library\Zend\Mail\Protocol\ smtp.php - imap.php - pop3.php

smtp.php line 123

public function __construct($host = '127.0.0.1', $port = null, array $config = array())
    {
        if (isset($config['ssl'])) {
            switch (strtolower($config['ssl'])) {
                case 'tls':
                    $this->_secure = 'tls';
                    break;

                case 'ssl':
                    $this->_transport = 'ssl';
                    $this->_secure = 'ssl';
                    if ($port == null) {
                        $port = 465;
                    }
                    break;

                default:
                    /**
                     * @see Zend_Mail_Protocol_Exception
                     */
                    require_once 'Zend/Mail/Protocol/Exception.php';
                    throw new Zend_Mail_Protocol_Exception($config['ssl'] . ' is unsupported SSL type');
                    break;
            }
        }

===== To

public function __construct($host = 'smtp.gmail.com', $port = null, array $config = array())
    {
        if (isset($config['ssl'])) {
            switch (strtolower($config['ssl'])) {
                case 'tls':
                    $this->_secure = 'tls';
                    break;

                case 'ssl':
                    $this->_transport = 'ssl';
                    $this->_secure = 'ssl';
                    if ($port == null) {
                        $port = 465;
                    }
                    break;

                default:
                    /**
                     * @see Zend_Mail_Protocol_Exception
                     */
                    require_once 'Zend/Mail/Protocol/Exception.php';
                    throw new Zend_Mail_Protocol_Exception($config['ssl'] . ' is unsupported SSL type');
                    break;
            }
        }

and

smtp.php like 178

public function helo($host = '127.0.0.1')
    {
        // Respect RFC 2821 and disallow HELO attempts if session is already initiated.
        if ($this->_sess === true) {
            /**
             * @see Zend_Mail_Protocol_Exception
             */
            require_once 'Zend/Mail/Protocol/Exception.php';
            throw new Zend_Mail_Protocol_Exception('Cannot issue HELO to existing session');
        }

=== To 

public function helo($host = 'smtp.gmail.com')
    {
        // Respect RFC 2821 and disallow HELO attempts if session is already initiated.
        if ($this->_sess === true) {
            /**
             * @see Zend_Mail_Protocol_Exception
             */
            require_once 'Zend/Mail/Protocol/Exception.php';
            throw new Zend_Mail_Protocol_Exception('Cannot issue HELO to existing session');
        }

it will work ? or not bcoz problem is i have other sites on server i have issue with one forum only i don't want separate mailing system or anything else i want only send xenforo mails via google smtp and shows google ip instead of mine

 

[Codeless]

Waiting for reply from @Mike and @Brogan

 

[Mike]

The short answer is no. There's no shortcut. If you don't want to reveal your server, you can't ever have it connect to untrusted servers (by sending email, acting as a proxy, etc). You need another server to do that.

 

[Codeless]

any recommendation for new server average send more than 5K emails per day lot of notification etc

 

[Pierce]

any recommendation for new server average send more than 5K emails per day lot of notification etc

I was going to say use a mail transaction service..

https://xenforo.com/community/threa...ed-transactional-emails-with-pepipost.120717/

You could ask them...

 

[TPerry]

VPS for around $15 a month would probably handle that just fine if that's all it was doing.

 

[rdn]

Use Amazon Ses or Setup a separate Mail Server using MailinaBox on $10 per month server on Vultr, Linode or DigitalOcean.

 

[Codeless]

Appreciate to all friends who replied @Tracy Perry @Pierce @Mike @Brogan

i'll get a server today and try to setup myself if failed maybe i will ask again to setup if someone free to configure it properly

 

[questlot]

The traditional approach would be to configure your server to relay mail to another server which then scrubs the original IP details (for example: https://major.io/2013/04/14/remove-sensitive-information-from-email-headers-with-postfix/) and then that server sends the mail.

Will this work with Xenforo 2 because am being DDOS too. With this procedure mentioned in the url does that mean I can use the default xenforo PHP email feature without my IP address getting exosed @Mike ?