Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
CnCNet Posted February 25, 2017 Posted February 25, 2017 Right now (We're on SMF and in the process of moving to IPB) we have emails disabled as it exposes the server origin in the email headers. Has anyone else had a similar problem in having to hide their server origin, and how did you resolve it?
inkredible Posted March 1, 2017 Posted March 1, 2017 I assume you are trying to hide it because you are using a CDN to protect your server. In that case I would recommend to use a 3rd party email service
ASTRAPI Posted March 1, 2017 Posted March 1, 2017 Keep in mind also that IPB doesn't have any protection for remote ip logging For example if a user upload an avatar using a remote image link the remote server will log the server ip Don't know if it is allowed to post the name of another forum platform but they have add a protection for such server remote connections that expose server ip using a proxy adapter when an untrusted direct connection needed.
sudo Posted March 1, 2017 Posted March 1, 2017 7 minutes ago, ASTRAPI said: Keep in mind also that IPB doesn't have any protection for remote ip logging For example if a user upload an avatar using a remote image link the remote server will log the server ip Don't know if it is allowed to post the name of another forum platform but they have add a protection for such server remote connections that expose server ip using a proxy adapter when an untrusted direct connection needed. There is an addon to proxy those requests: https://invisionpower.com/files/file/8467-proxy-outbound-connections/
CnCNet Posted March 1, 2017 Author Posted March 1, 2017 4 hours ago, inkredible said: I assume you are trying to hide it because you are using a CDN to protect your server. In that case I would recommend to use a 3rd party email service Yeah exactly. Any recommendations on email services out there that can help? 4 hours ago, ASTRAPI said: Keep in mind also that IPB doesn't have any protection for remote ip logging For example if a user upload an avatar using a remote image link the remote server will log the server ip Don't know if it is allowed to post the name of another forum platform but they have add a protection for such server remote connections that expose server ip using a proxy adapter when an untrusted direct connection needed. That's useful to know thanks for this.
inkredible Posted March 1, 2017 Posted March 1, 2017 1 hour ago, Grant B said: Yeah exactly. Any recommendations on email services out there that can help? That's useful to know thanks for this. I used zohomail for sending and receiving emails. There might be better options, but it was okay. 5 hours ago, ASTRAPI said: Keep in mind also that IPB doesn't have any protection for remote ip logging For example if a user upload an avatar using a remote image link the remote server will log the server ip Don't know if it is allowed to post the name of another forum platform but they have add a protection for such server remote connections that expose server ip using a proxy adapter when an untrusted direct connection needed. I don't think that there is no possibility to add an effective protection (beside proxying outgoing requests), except blocking the IPs/Domains of services who offer the image which allows IP resolving behind a reverse proxy. How should this work technically?
ASTRAPI Posted March 1, 2017 Posted March 1, 2017 The other platform has some related details: Platform is using this variable on config file: $config['untrustedHttpClient'] - default: array() When forum makes an HTTP call to an untrusted external server, you may specify a specific adapter configuration. For example, this allows you to use an HTTP proxy service to stop your application server's IP from being leaked. The value should be an adapter configuration array like given in this example: http://framework.zend.com/manual/1.12/en/zend.http.client.adapters.html#zend.http.client.adapters.proxy The Proxy Adapter: The Zend_Http_Client_Adapter_Proxy adapter is similar to the default Socket adapter - only the connection is made through an HTTP proxy server instead of a direct connection to the target server. This allows usage of Zend_Http_Client behind proxy servers - which is sometimes needed for security or performance reasons. But that will require an external server.... Also about zoho i thing it will not help for example when a user register and get an email from the core IPB system....
Recommended Posts
Archived
This topic is now archived and is closed to further replies.