📮 Transactional SMTP Relay requirements for Cloudflare

If you've enabled the Cloudflare proxy for HTTPS, incoming Transactional SMTP Relay connections are blocked by Cloudflare's firewall unless you pay for the Spectrum service.

To use Transactional SMTP Relay with Cloudflare, you'll need to make a secondary subdomain just for this purpose with the proxy switch flipped to the gray cloud (OFF).

You'll then need to create a TLS certificate using Let's Encrypt just for SMTP, in order to ensure compatibility with connecting applications.

Below are the instructions for enabling TLS for Transactional SMTP Relay on your VPS for compatibility with Cloudflare when using Cloudflare as your reverse proxy for HTTPS.

Log into your VPS using SSH on macOS or PuTTY on Windows:

ssh root@1.2.3.4

*** Note: Use the real IP address of your VPS above, not 1.2.3.4; this is just a placeholder.

Change directory to your ESP installation:

cd edcom-install

You must be on the latest build for Let's Encrypt to work:

./upgrade.sh

Run this command, passing the secondary SMTP Relay subdomain and domain you created just for this purpose as the argument:

./generate_smtp_certificate.sh smtprelay.yourdomain.com

*** Note: Use the real subdomain and domain you created for this purpose above, not smtprelay.yourdomain.com; this is just a placeholder.

Restart your ESP:

./restart.sh

Create an automated cron job that renews your Let's Encrypt certificate every 30 days.

Run the following command and when you're asked which editor to use, select nano:

crontab -e

Copy and paste the following line at the bottom of the editor, change the placeholder domain to the real subdomain and domain you created for this purpose, and press Ctrl-X to save:

0 0 */30 * * cd /root/edcom-install && ./renew_smtp_certificate.sh smtprelay.yourdomain.com > data/logs/certbot.log 2>&1

*** Note: Use the real subdomain and domain you created for this purpose above, not smtprelay.yourdomain.com; this is just a placeholder.

*** Note: If your ESP is installed somewhere other than /root/edcom-install, you will need to modify that path as well.

You're done! Make sure you use TLS for your Transactional SMTP Relay settings and not SSL in the configuration of your connecting applications.
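
A post-setup check, as an added example that is not part of the original instructions or the ESP's own scripts: it connects to the relay with STARTTLS, confirms the certificate covers the subdomain, and reports the days left before expiry. Port 587, the 14-day warning threshold and the function names are assumptions; it needs openssl and GNU date.

```bash
#!/usr/bin/env bash
# Added example: verify the certificate the SMTP relay presents after STARTTLS.
# Assumptions: port 587, 14-day warning threshold, GNU date, openssl installed.
# All function names are hypothetical.

# Convert an openssl "notAfter=..." line into whole days remaining at epoch $2.
days_left() {
    local not_after="${1#notAfter=}" now="$2" end secs
    end=$(date -u -d "$not_after" +%s) || return 2
    secs=$(( end - now ))
    # Shell division truncates toward zero; keep expired certificates negative.
    if [ "$secs" -lt 0 ]; then
        echo $(( secs / 86400 - 1 ))
    else
        echo $(( secs / 86400 ))
    fi
}

# Classify a certificate with $1 days left; warn when below $2 days.
expiry_status() {
    local days="$1" warn="${2:-14}"
    if [ "$days" -lt 0 ]; then
        echo EXPIRED
    elif [ "$days" -lt "$warn" ]; then
        echo RENEW_NOW
    else
        echo OK
    fi
}

# Fetch the certificate over STARTTLS, check the hostname, report the expiry.
check_relay() {
    local host="$1" port="${2:-587}" pem enddate days
    pem=$(openssl s_client -starttls smtp -connect "$host:$port" \
          -servername "$host" </dev/null 2>/dev/null) || return 1
    # Prints whether the subdomain matches a name in the certificate.
    echo "$pem" | openssl x509 -noout -checkhost "$host" || return 1
    enddate=$(echo "$pem" | openssl x509 -noout -enddate) || return 1
    days=$(days_left "$enddate" "$(date -u +%s)") || return 1
    echo "$host: $days days left, status $(expiry_status "$days")"
}

# Only touch the network when a hostname is given on the command line.
if [ -n "${1:-}" ]; then
    check_relay "$@"
fi
```

Run it with the SMTP subdomain as the argument; a RENEW_NOW or EXPIRED status means the renewal cron job has not been succeeding, and data/logs/certbot.log is the place to look.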
