Protonmail Mail Bridge with Ubuntu Server - how to?

I can see that Proton has a bridge for Ubuntu, but it looks like a GUI application:

Does anyone know:

  1. How do I install the Proton Mail Bridge at Ubuntu Server (for SMTP use by Discourse)
  2. Since we’re going under ddos protection service from the very beginning, would using a Mail Bridge expose our server’s IP address in email headers or in any other way?

If you think Proton Mail Bridge is not a viable option and is not achievable, do you know of any alternative? Requirements are:

  • known encrypted mail service
  • usable by Discourse
  • with a way to make the server IP never exposed except in the “bridge” / “proxy” / whatever communication tunnel is established between the server and the mail service.

I’ve seen other topics about Proton Mail here, and they all were written at a time when outgoing email was limited by Protonmail. But it is not anymore. So I’m reconsidering of using Protonmail for transactional email.

Our content is sensitive so we really need this - the more protection options the better. It will be up to our users to use their Proton mailboxes to setup an account with our Discourse instance though. But at least we’d like to give such an option to have email communication with the forum fully encrypted.

Any advice is welcome!

Perhaps the Email > private email option would be helpful here in lieu of attempting to secure email.

I imagine this will not be trivial for a publicly-accessible Discourse instance regardless of how you configure email.

I think that you would need another server to rewrite the headers to remove the server up address. But then you’d have the same problem with leaking that ip address.

Okay, is there an option to make Discourse email-less entirely? We’re okay with that. Some users would not want to expose their emails at all, and that would be deal-breaker for them.

Security by obscurity is not security.

All you need to do is to firewall your server so that nothing can contact it. Then it won’t matter if someone knows the ip address.