Skip to main content

Configure GMail using Google Workspace for GravityZone Security for Email

Follow these procedure to integrate GravityZone Security for Email with Google Workspace Gmail, for inbound and outbound email delivery.:

Configure Inbound mail on Gmail using Google Workspace to reject non-EMS emails

You should configure GMail using Google Workspace to block any inbound email that does not originate from the GravityZone Security for Email (EMS) product. However, you will need to do this via a two-step process. This section is split into two sections – prior MX record change and post MX record change.

Prior to changing MX records

Before changing MX records it is recommended that the GravityZone Security for Email IP addresses are added to the inbound gateway so that when MX records are changed all messages are not quarantined.

Note

You may already have inbound gateway entries listed. If this is the case you need to append the entries below to the existing list and then remove the existing entries once the MX records have been changed.

Follow the steps below:

  1. Login to the Google Workspace Admin Console with an administrators account.

  2. Click on the Menu button google_workspace_dots.PNG.

  3. Select Admin > Apps > Google Workspace.

  4. Click on GMail to take you to Settings for Gmail.

  5. Click on Advanced Settings at the bottom of the page.

  6. Scroll down to Spam, phishing, and malware and configure/edit the Inbound Gateways.

  7. Add a Name to the Inbound setting.

  8. Add the IP addresses for our service and click Save.

    Note

    You can find a list of our IP addresses here:

    The entries should look like this if using the EU servers:

    104340_1.png

    Note

    Ensure you do not check the Reject all mail not from gateway IPs box.

  9. Select the Message is considered spam if the following header regex matches checkbox and select the options below.

    104340_1_2.png

  10. At the bottom of the Advanced Settings page, click Save to apply the changes.

  11. Ensure that this configuration is replicated to Google Workspace before changing any MX records.

    Note

    It can take up to an hour for changes to propagate to user accounts for GMail using Google Workspace You can track changes in the Admin console audit log.

Post MX record change

Once MX records have been changed and replicated to the internet email should start flowing through the GravityZone Security for Email product. You can verify this via the GravityZone Security for Email Activity reports and charts.  You can also check this in the Google Workspace portal by following these steps:

  1. Login to the Google Workspace Admin Console with an administrators account.

  2. Click on the Menu button google_workspace_dots.PNG.

  3. Select Admin > Apps > Google Workpace.

  4. Click on GMail to take you to Settings for Gmail.

  5. Click on Setup.

  6. Check that the MX records match the below:

Configure Google Workspace to bypass EMS for Internal mail

  1. Login to the Google Workspace Admin Console with an administrators account.

  2. Click on the Menu button google_workspace_dots.PNG.

  3. Select Admin > Apps > Google Workpace.

  4. Click on GMail to take you to Settings for Gmail.

  5. Click on Hosts section.

  6. Click on the Add Route button.

  7. Give the route a Name like “Google Internal”.

  8. In the Specify Email server select Multiple hosts.

  9. Add a primary entry for each of the GMail Servers listed below:

    aspmx.l.google.com
alt1.aspmx.l.google.com
alt2.aspmx.l.google.com
alt3.aspmx.l.google.com
alt4.aspmx.l.google.com
    104340_3.png

  10. Click Save.

  11. Go to the General setting tab and scroll to the Routing setting in the Routing section.

  12. Click on Add Another for Routing. This will open up a new Add setting option.

  13. Enter a name like Internal Route.

  14. Select the checkbox for Internal – Sending  in Messages to affect.

  15. Select only affect specific envelope recipients and define a REGEX for your internal domain.

    104340_4.png

    Note

    For multiple domains you can add them into the regex in this format:

    .*@firstdomain\.com|.*@seconddomain\.co\.uk

  16. Select Change route in For the above types of messages, to do the following.

  17. Change the Normal routing to the one created above.

    104340_5.png

  18. Click on Show Options at the bottom of this page and Select Users and Groups” under Account types to affect:

    104340_6.png

  19. Click the Add Setting button, then click Save.

  20. At the bottom of the Advanced Settings page, click Save.

Note

Now all internal mail is routed directly to Google servers, and all other mail routes through the GravityZone Security for Email Outbound Gateway.

In this section: