Using a VPN-provided static IP for a home mail server.
Hi all,
For my own curiosity and playing around with Windows Servers at home, and to save me changing IP address when the ISP updates, I purchased a static IP via a VPN provider. Also, given it would be an IP only used by me, I should be able to send mail and receive mail, as it shouldn't be an IP listed in any spam filters.
I have a router which supports OpenVPN and have set up port forwarding for incoming connections to my server at home. But I can't seem to get anything to be seen while using the VPN static IP.
If I turn off the VPN it works, but due to having the ISP public IP address I cannot send mail to a lot of people.
Is there any way I can utilize this VPN purchased static IP for my Exchange Server at home?
My ISP does not provide static IPs, otherwise I would have used them.
Thanks
Dan
Exchange, VPN, Windows OS, Windows 10, Azure
Last Comment
Dan A
8/22/2022 - Mon
Shabarinath TR
Hello,
Did you check if the required ports are really open through the static IP?
I would suggest testing it first to understand the issue.
Similarly, for the outbound mails, check if you can telnet to a remote SMTP server from the edge server to double-check if the outbound traffic is allowed.
Hope that helps.
Eirman
I suggest that instead of using a VPN for routing email, you use a proper outgoing mail service.
I highly recommend https://www.smtp2go.com for reliable sending of email.
I have used their free service for 10 years with no problem.
You can log in anytime to confirm delivery of your emails...
Free accounts come with a monthly allowance of 1,000 emails and an hourly limit of 25 emails.
(the hourly limit is removed when you verify your sender domain.)
Paid accounts have no hourly limit and your monthly allowance is based on the plan you choose.
If your account has an allowance of at least 100,000 emails per month,
they automatically assign a dedicated IP address to you.
Qlemo
Let's see how we understand your desired configuration:
Your router is connected via ISP (dynamic public IP) to WAN.
On the router you run OpenVPN to a VPN provider assigning another different (static) public IP.
You expect the VPN to be used for SMTP traffic while connected.
I'm not clear how you imagine managing that. Does your router allow for policy-based routing (source IP or port based)? Exchange tries to send directly to the target mail server, so you cannot run this with conventional static routing.
In reverse, I don't know if the router is able to NAT your internal Exchange server IP correctly to the static public IP either.
Hi Qlemo, essentially the 3 lines on configuration are correct, as you mentioned above.
The router I have is a Netgear XR500, which allows OpenVPN. What I thought was that when I VPN either specific ports or the whole server, it would use the port forwarding back to my internal server. I was thinking that once it hit the router, the router knows to spit it out to the internal server address. I have added a number of different ports for testing. When performing a port scan, the only port which comes back open is 443, with the others showing "filtered". The below are the port forwards.
Qlemo
You expect too much. Only traffic originating from outside gets mapped correctly. Outgoing traffic which is not a reply on an existing TCP connection (session) will go out via the default gateway.
I guarantee that SMTP2GO will fully resolve that problem.
(You also can use the same smtp2go credentials to email from your phone).
Dan A
ASKER
Just a follow-up question for Eirman: I now have my email routing outbound via SMTP2GO. Is there a solution to get inbound mail happening, given I have an ISP dynamic IP address?
Just dropping a line to let you know that I found a solution rather than using something like SMTP2GO, I have come across the software https://ddnsbroker.com/ which updates all my host-names dynamically and so far so good, with a signed domain.
Did you check if the required ports are really open through the static IP?
I would suggest testing it first to understand the issue.
https://mxtoolbox.com/diagnostic.aspx
MX Toolbox will allow you to do a test easily.
Similarly, for the outbound mails, check if you can telnet to a remote SMTP server from the edge server to double-check if the outbound traffic is allowed.
Hope that helps.
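
The port test suggested in the answer above, as an added example that is not part of the original thread: it separates "closed" (the packet reached a host but nothing listens) from "filtered" (no answer at all, as the port scan in the thread reported) and reads the SMTP greeting, which is what the telnet check looks for. The function name `probe_smtp` and the port list are assumptions; run it from outside the home network against the VPN static IP for inbound, and from the Exchange server against a remote mail server for outbound.

```python
"""Added example: classify a TCP port and read the SMTP greeting."""
import socket
import sys

# Assumed ports for illustration; the thread does not list the actual forwards.
PORTS = (25, 443, 587)


def probe_smtp(host, port=25, timeout=5.0):
    """Return (state, detail) for one TCP port.

    open          - handshake completed and the peer sent a 220 SMTP greeting
    open-not-smtp - handshake completed, but no 220 greeting arrived
    closed        - connection refused: the packet arrived, nothing is listening
    filtered      - no answer before the timeout: dropped or never forwarded
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                banner = sock.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                return ("open-not-smtp", "connected, but no greeting received")
            if banner.startswith("220"):
                sock.sendall(b"QUIT\r\n")  # end the SMTP session cleanly
                return ("open", banner)
            return ("open-not-smtp", banner)
    except socket.timeout:
        return ("filtered", "no reply within %.0fs" % timeout)
    except ConnectionRefusedError:
        return ("closed", "connection refused")
    except OSError as exc:  # e.g. no route to host, name resolution failure
        return ("error", str(exc))


if __name__ == "__main__":
    # Usage: python probe.py <host-or-ip>
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <host-or-ip>")
    for p in PORTS:
        state, detail = probe_smtp(sys.argv[1], p)
        print(f"{sys.argv[1]}:{p:<5} {state:<14} {detail}")
```

A port that serves HTTPS, such as 443, shows as `open-not-smtp` because a TLS server waits for the client to speak first.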