We help IT Professionals succeed at work.

Using a VPN provided static IP for a home mail server.

Dan A
Dan A used Ask the Experts™
on
Hi all,

For my own curiosity and playing around with Windows Servers at home to save me changing IP address when the ISP updates I purchased a static IP via VPN provider. Also given it would be an IP only used by me, I should be able to send mail and receive mail as it shouldn't be an IP listed in any spam filters.

I have a router which support OpenVPN and have setup port forwarding for incoming connections to my server at home. But can't seem to get anything to be seen while using the VPN static IP.

If I turn off the VPN it works but due to having the ISP public IP address I cannot send mail to a lot of people.

Is there any way I can utilize this VPN purchased static IP for my Exchange Server at home?

My ISP does not provide static IP's otherwise I would have used them.

Thanks
Dan
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Shabarinath RamadasanInfrastructure Architect

Commented:
Hello,

Did you checked if the required ports are really open through the static IP?
I would suggest to test it first to understand the issue.

https://mxtoolbox.com/diagnostic.aspx

Mx Toolbox will allow to do a test easily.

Similarly, for the outbound mails  - Check if you can telnet to a remote SMTP server, from the edge server to double-check if the outbound traffic is allowed.

Hope that helps.
EirmanChief Operations Manager

Commented:
I suggest that instead of using a VPN for routing email, you use a proper outgoing mail service.
I highly recommend https://www.smtp2go.com for reliable sending of email.
I have used their free service for 10 years with no problem.

You can login anytime to confirm delivery of your emails ......

LOG Sample
Free accounts come with a monthly allowance of 1,000 emails and an hourly limit of 25 emails
(the hourly limit is removed when you verify your sender domain.)
Paid accounts have no hourly limit and your monthly allowance is based on the plan you choose.

If your account has an allowance of at least 100,000 emails per month,
they automatically assign a dedicated IP address to you.
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
Let's see how we understand your desired configuration:

Your router is connect via ISP (dynamic public IP) to WAN.
On the router you run OpenVPN to a VPN provider assigning another different (static) public IP.
You expect the VPN to be used for SMTP traffic while connected.

I'm not clear how you imagine to manage that. Does your router allow for policy based routing (source IP or port based)? Exchange tries to send directly to the target mail server, so you cannot run this with conventional static routing.
Reverse, I don't know if the router is able to NAT your internal Exchange server IP correctly to the static public IP either.
Dan AIT Support

Author

Commented:
Hi Qlemo, essentially the 3 lines on configuration are correct as per your above mentioned.

The router I have is a Netgear XR500, allows OpenVPN. What I thought was that when I VPN either specific ports or the whole server that it would use the port forwarding back to my internal server, I was thinking that once it hit the router, the router knows to spit it out to the internal server address. I have added a number of different ports for testing. When performing a port scan, the only port which comes back open is 443, with the others showing "filtered". The below are the port forwards.

Screenshot of router.
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
You expect too much. ONly traffic originating from outside gets mapped correctly. Outgoing traffic, which is no reply on an existing TCP connection (session), will go out via the default gateway.
IT Manager
Top Expert 2010
Commented:
I am sure you will be disappointed as you cannot use the IP address of your VPN service to host a mail server.

You need to have a static and real IP address from your ISP for your broadband Internet to host a mail server.

Why?

Your ISP needs to setup reverse DNS lookup of your mail server hostname OR your mail server will be considered as a spam host.

The IP address assigned by your VPN service provider will never let you do reverse DNS lookup.
Dan AIT Support

Author

Commented:
Thank you all, very much appreciated. I was thinking this was the solution to all my home network testing solution.

I will look into the smtptogo site as well. Maybe they will be open to giving me a refund.

Kind regards
Dan
EirmanChief Operations Manager

Commented:
I cannot send mail to a lot of people
I guarantee that SMPT2GO will fully resolve that problem.

(You also can use the same smtp2go credentials to email from your phone).
Dan AIT Support

Author

Commented:
Just a follow up question for Eirman, I now have my email routing outbound via SMTP2GO, is there a solution to get inbound mail happening given I have an ISP dynamic IP Address.

 https://www.experts-exchange.com/questions/29167866/Using-a-VPN-provided-static-IP-for-a-home-mail-server.html#a43000973
Dan AIT Support

Author

Commented:
Heya all,

Just dropping a line to let you know that I found a solution rather than using something like SMTP2GO, I have come across the software https://ddnsbroker.com/ which updates all my host-names dynamically and so far so good, with a signed domain.

Thanks
Dan