I have a mail server running cPanel (WHM), I have close to 3000 clients that check their mail from cPanel's webmail options.
The mail server gets DDoS attacked fairly frequently and I've lost over a thousand dollars on different hosts who have terminated my account because of these attacks.
I am trying to sort out an elaborate system to hide the cPanel server and make the site as a whole harder to attack.
What I have so far:
--> EC2 server
| (load shared)
Mail Server---Reverse Proxy----> EC2 server
(cPanel) | (load shared)
--> EC2 server
That all works fine. The mail servers IP is hidden from the user (+headers), they can access their webmail and the site is load shared with instances from all over the world to help with the DDoS attacks.
But my problem is with setting up mail relays, I have no idea what my postfix config file should look like and really don't understand smart hosts or mail relays enough to set it up, I've tried heaps of tutorials online about setting up a mail relay and still can't get it working. Ideally I need something like this:
(I already have Exim routing to a random EC2 instance working, I set up a smart host in WHM to do it)
random smarthost (EC2 instance)-->EC2 server
-Strip mailserver IP from headers
Mail--->EC2 server (MX #1)
-Send mail to cPanel mail server IP address
-Strips cPanel mail server IP address from header
So put together you have a mail relay that pretends it's the final destination for mail:
Mail server on EC2 instance
Stripping any mention of the cpanel
Mail Server------IP address in the mail headers------ INTERNET
before either sending mail to
the destination or sending mail
to the cPanel server for Exim to
So I need advice on how to go about this.
a) Is the best method for me? I know a lot of EC2 IP addresses are registered as spammers but EC2 offers some help with that...
b) Should I choose postfix or exim, I've spent literally hundreds of hours trying to get this working on EC2 and postfix but just don't have the knowledge to make this work.
c) Could you please help me with setting this up? Show me what my postfix config file should look like or give me any tips.