G Suite - Outbound Mail Routes

Description

Configuring outbound mail routes in Google G Suite domains is required to relay messages from Gmail to Mailprotector's servers. The outbound mail routes are necessary to implement some of Mailprotector's solutions such as SecureStore archiving and Bracket email encryption.

Configuration steps for the inbound mail route are in the G Suite - Inbound Mail Route article.

Applies to:

Google G Suite Basic, Business, Enterprise

Prerequisites

Before beginning the configuration of the G Suite mail routes, the Mailprotector Console should have the domain, inbound SMTP host address and users configured to ensure the Mailprotector solution is ready to scan and protect the domain.

If the domain and users are not configured in the Mailprotector Console, please start with Step 1: Add Users.

You should also have access to the domain's public DNS zone. Changing the MX record is a required step to provisioning Mailprotector. The MX record should be modified before configuring the inbound mail route on G Suite. View Step 3: Change the DNS MX Records for more information.

Configuration Steps

Internal Messaging Consideration

By default, G Suite will route messages in the same domain directly to a user without leaving the Gmail servers. If you or your client intends to use SecureStore archiving or would like the option to encrypt emails between internal users, then you will need to add the optional Internal Sending route to the G Suite domain.

Adding the Internal Sending mail route will introduce two log entries in the Mailprotector Console for every internal message that is sent. One log entry for the outbound message from the sender and a second log entry for the inbound message to the recipient. The logging does not alter the email or message flow in any other way. The logging shows merely two entries because Mailprotector's systems will see the message for both the sender and recipient.

Outbound Mail Route Configuration

  1. Go to the Google Admin Console and click on Apps as shown in Figure 1.

    Fig. 1
    Admin_apps.png

  2. On the Apps Settings page, navigate through the pages by clicking G Suite > Gmail and you will arrive at the Settings for Gmail page as shown in Figure 2. Click on Advanced Settings to begin the configuration process.

    Fig. 2
    Gmail_advanced.png

  3. On the Advanced Settings page, you will start on the General Settings tab. Click on the Hosts tab as shown in Figure 3.

    Fig. 3
    Outbound_advanced_hosts.png

  4. On the Hosts tab, you may or may not have existing hosts listed. Find the ADD ROUTE button to the right of the tabs as shown in Figure 4. Click the button to add the outbound host.

    Fig. 4
    Outbound_hosts_add_route.png

  5. The Edit mail route window will open. Add a description such as Mailprotector Outbound Host.

    The email server is a Single Host, the address will be yourdomain.com.outbound.emailservice.io and the port will be 25.

    Leave the Options with the default setting to require secure transport using TLS with a CA signed certificate. The window should look similar to Figure 5 below. DO NOT use mp-gsuite.com.outbound.emailservice.io for the host address. That is a Mailprotector testing domain. Click the SAVE link to complete this route host configuration.

    Fig. 5
    Outbound_mail_host_route.png

  6. The mail route host has been configured, and you will need to return to the General Settings tab to continue. Click on the General Settings tab as shown in Figure 6.

    Fig. 6
    Outbound_back-to-general.png

  7. Scroll down to the Routing section and locate the Routing setting as shown in Figure 7. Move your mouse over the setting and click on the Configure button to the right. If you have an existing route setting, you will click on the Add Another button instead.

    Fig. 7
    Outbound_routing_configuration.png

  8. The Add setting window will open. Enter a description such as Outbound Route to Mailprotector.

    Select Outbound for the messages to affect.

    OPTIONAL: If your domain uses Google Drive and you send share notifications, you will want to add the setting to only affect senders from your domain. To do so, check the Only affect specific envelope senders, choose the Pattern match, and enter your domain as the Regexp.

    Select Change route in the Modify message section and select the host you created in Step 5.

    Once complete, the window should look similar to Figure 8. Click the Add Setting link in the lower right of the window to save the configuration.

    Fig. 8
    outbound_routing.png

  9. (Optional for Internal Sending. Skip to Step 11 if omitting.) If you intend to implement SecureStore archiving or would like the option to encrypt internal messages, you will add a second mail route for internal messages. Move your mouse over the new route displayed in the General Settings tab > Routing section and click on the Add Another button as shown in Figure 9.

    Fig. 9
    Outbound_route_addanother.png

  10. The Add setting window will open. Enter a description such as Internal Sending through Mailprotector.

    Select Internal - sending for the messages to affect.

    Select Change route in the Modify message section and select the host you created in Step 5.

    Once complete, the window should look similar to Figure 10. Click the Add Setting link in the lower right of the window to save the configuration.

    Fig. 10
    Outbound_internal_mailroute.png
  11. The mail route(s) are now added to the G Suite domain. At the bottom of the browser, you will see a notice and a Save link on the right-hand side as shown in Figure 11. Please click the Save link to finish the configuration steps.

    IMPORTANT: These changes may take up to 1 hour to propagate to all users in the G Suite domain. 
Have more questions? Submit a request

Comments