Description
This article provides information on how to provision MPmail with G-suite/Gmail/Google Apps.
Requirements
A Gsuite subscription
MPmail
The Process
The MPmail email protection service is fully compatible with Google G Suite (previously known as Google Apps).
To configure MPmail to work with Google G Suite requires the following steps to be undertaken;
Inbound Email Routing
- Configure MPmail to route inbound email to Google G Suite
- Configure your MX record to route email to MPmail
- Lock down Google G Suite to only accept inbound email from MPmail
- De-activate spam filtering on Google G Suite (Optional)
Outbound Email Routing
- Configure MPmail to accept outbound email from Google G Suite
- Publish an SPF record for your domain name
- Configure Google G Suite to route outbound email via MPmail
STEP 1 - Configure MPmail to route inbound email to Google G Suite
When setting up your account on Google G Suite, Google would have provided a list of MX records to use. Using the MX records provided by Google, these would then be entered in the MPmail control panel in Email > Filtering > IP/Hostname.
As an example, if Google provided the following set of MX records;
Then in the control panel under Security Settings/Spam and Malware Protection
- Enter the following as the Destination IP/Hostname;ASPMX.L.GOOGLE.COM#10;ALT1.ASPMX.L.GOOGLE.COM#20;ALT2.ASPMX.L.GOOGLE.COM#30;ALT3.ASPMX.L.GOOGLE.COM#40;ALT4.ASPMX.L.GOOGLE.COM#50
Click Save
Please note the following key points;
- The # symbol indicates the priority of the email.
- Each entry needs to be separated with a semi colon (;) and for there to be no spaces between each entry
- Google may have a couple of records with the same priority. On MPmail these should be entered with a differing priority. In this example the records have been entered as priority #10, #20, #30, #40, #50. Alternatively they could have been entered as #1, #2. #3. #4, #5 to achieve the same effect.
Step 2 - Configure your MX record to route email to MPmail
The MX record for your domain name now requires to be updated to route all email to MPmail. Details on which MX records to use is detailed at http://support.manageprotect.com/help/what-do-my-mpmail-mx-records-need-to-be
Step 3 - Lock down Google G Suite to only accept inbound email from MPmail
In Google Admin (at admin.google.com) go to Apps > G Suite > Settings for Gmail > Advanced Settings. Scroll down to Inbound Gateway.
- Add the IP address ranges detailed in https://converge.mp/deliverability/
- Give the rule a name - "Restrict inbound email to only be accepted from MPmail"
- To help Gmail determine the source IP address to use for the SPF evaluation, select Automatically detect external IP.
- To reject messages from anywhere other than your inbound gateway, check the Reject all mail not from gateway IPs box.
- To reject connections from IP addresses in the Gateway IPs list if the connections don’t use TLS, check the Require TLS for connections from the email gateways listed above box.
- Click Save.
Step 4 - De-activate Spam Filtering on Google G Suite (Optional)
In Google Admin go to Apps > G Suite > Settings for Gmail > Advanced Settings. Select tab "Default Routing".
- Click Add setting
- Specify envelope recipients to match. Select All recipients from the drop down
- Under Spam, check Bypass spam filter for this message
- Under options, select Perform this action on non-recognized and recognized addresses.
- Click SAVE
Outbound Email Routing
Step 1 - Configure MPmail to accept outbound email from Google G Suite
In the MPmail control panel in Security Settings/Spam and Malware Protection in the Relay IP Addresses for outgoing emails section
- Add 192.168.0.1
- Click save
Step 2 - Publish an SPF record for your domain name
Create a TXT record containing this text:
v=spf1 include:_spf.google.com include:spf.mpmailmx.com -all
Or update your existing SPF record with MPmail's include statement:
include:spf.mpmailmx.com
Step 3 - Configure Google G Suite to route outbound email via MPmail
In Google Admin go to Apps > G Suite > Settings for Gmail > Advanced Settings. Scroll down to Outbound Gateway in the Routing section.
Please route all mail to: <domain>.outbound.anz.mpmailmx.com (port 25)