So it depends. For example some legacy apple stuff had a bad DHCP implementation where it would try to hold onto an IP address it had before.

When there’s one DHCP server with a reserved ip it won’t assign that ip to the wrong device. (Unless you’re running some buggy software that takes your configuration as suggestions)

Where the advice to set it anyways comes from scenarios where that DHCP server goes down for long enough that everyone starts self assigning addresses. It’s a real hassle to find the correct system when that happens.

Avoiding spam filters and ISP blocks are a common issue with self hosted email.

Ideally you’ll have a mature domain, dkim configured and an IP that’s not blacklisted on a network that allows email traffic.

OVH offers pretty cheap email hosting if you just want a turn key solution.

Otherwise if you want your home lab to work this way you may need to configure something akin to a forward proxy on a VPS to act as a gateway for your homelab.

This could be achieved using wireguard and iptables. By routing the email traffic to your homelab.

A 60% rent claw back :D

I’d suggest using OVH. https://help.ovhcloud.com/csm/en-ie-dns-dynhost?id=kb_article_view&sysparm_article=KB0051641

Depending on your country you may need to use ovh canada

Syncthing like others suggested is probably the way to go.

But if you want more options you can do a lot with WebDAV. https://www.digitalocean.com/community/tutorials/how-to-configure-webdav-access-with-apache-on-ubuntu-18-04

Hey I just had another thought. Do you have your ISP provided router in bridge mode? That would help if you’re not using it for anything else.

If your lan devices only have a fe80, your clients are not receiving a proper router advertisement.

Which routes and firewall rules should I be checking?

Since the OPNsense device is getting a ipv6 address and is able to ping ipv6 devices on the internet.

It sounds like you don’t have ipv6 configured for the LAN. Try enabling “Assisted” mode.

https://docs.opnsense.org/manual/radvd.html

Confirm the ipv6 addresses your clients in the LAN are being assigned an ipv6 address within the scope of what your ISP is assigning.

If you are check default routes and firewall rules.

If you aren’t, investigate “router advertisement”.

I like that idea.

I’d suggest OVH or Digital Ocean.

If you think a DDoS attack is possible I’d suggest azure for that.

Sounds like an issue with your registrar more so than the domain authority?

Do you have any information to distinguish that?

Does anyone here know if they are the same entity?

This is probably a bit extreme. I think it has a way to tie into your phone’s calendar too.

But you could use redmine and create tickets and reoccuring tasks.

Using a whitelist in this manner with cloudflare may be challenging as this list can potentially change. They do have means to query it though. https://developers.cloudflare.com/api/operations/cloudflare-i-ps-cloudflare-ip-details Additionally, have you considered ipv6 support?

if you haven’t solved the problem yet, I would consider switching to Apache for your reverse proxy and using mod_remoteip.

Track the CF-Connecting-IP field instead of the IP address to get the client.

https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/

I found this docker option.

https://hub.docker.com/r/apache/james#!

Although it’s pretty cheap to have someone else host it.

https://www.ovhcloud.com/en/emails/mail-hosting/

Wasn’t the amount the EU seized like €15 billion?

Seems like a good deal.

That must be a very unfortunate situation where you don’t have control of your network for that to be a concern though. in which case I wouldn’t expect it to be suitable for a internet facing homelab?

Like I’m struggling to think of scenarios for this.

I suppose you could be trying to setup a homelab on a college network or using someone else’s internet connection where you have no input on the matter.

Perhaps, I could see a case for CGNAT like another user mentioned, where the whole town shares an single IP for example. But I’d imagine such a network would offer poor performance.

But in all those scenarios, a VPS is cheaper and you can do everything this service offers and more.

Yeah that’s a fair point, much like a VPN I could see this being useful in scenarios where you have limited control over your network.

It’s fairly straightforward to do for free with Hurricane Electric. Some home routers even have it built in as an option. https://tunnelbroker.net/

I’m assuming anyone who’s playing around with servers is capable of implementing it.

Go on eBay, punch in the price you’re looking to spend and search for an old server. Keep in mind some manufacturers use proprietary connectors.

Look for servers with lots of ECC ram, clean photos of the internals.

They probably won’t have a drive that’s pretty common.

To meet that 16 core requirement, you’ll probably be looking at older dual socket systems.

Edit: a quick search I found this. https://www.ebay.com/itm/225978893065?

Not a perfect match but the price is pretty good.

If I was in your IT department I’d be required to shut this down and probably revoke your access until our bosses decide on your future.

Keep in mind, your employer has a responsibility to protect their data and this would subject your homelab to any legal liabilities such as a lawsuit search order and data privacy auditing.

Any solution you work out needs to be signed off on in writing if it’s outside their expected usage.

Another important point o365 requires oauth2 authentication unless your IT department has intentionally allowed other forms of authentication or they are in a hybrid legacy environment.

When they broke EWS and office 2010 compatibility they crippled many foss solutions without an additional license and the tools that do work will report details to exchange about your homelab. So if your department is diligent it’ll come to their attention.