Configure GMail using Google Workspace for GravityZone Security for Email
Follow these procedure to integrate GravityZone Security for Email with Google Workspace Gmail, for inbound and outbound email delivery.:
You should configure GMail using Google Workspace to block any inbound email that does not originate from the GravityZone Security for Email (EMS) product. However, you will need to do this via a two-step process. This section is split into two sections – prior MX record change and post MX record change.
Prior to changing MX records
Before changing MX records it is recommended that the GravityZone Security for Email IP addresses are added to the inbound gateway so that when MX records are changed all messages are not quarantined.
Note
You may already have inbound gateway entries listed. If this is the case you need to append the entries below to the existing list and then remove the existing entries once the MX records have been changed.
Follow the steps below:
Login to the Google Workspace Admin Console with an administrators account.
Click on the Menu button .
Select Admin > Apps > Google Workspace.
Click on GMail to take you to Settings for Gmail.
Click on Advanced Settings at the bottom of the page.
Scroll down to Spam, phishing, and malware and configure/edit the Inbound Gateways.
Add a Name to the Inbound setting.
Add the IP addresses for our service and click Save.
Note
You can find a list of our IP addresses here:
The entries should look like this if using the EU servers:
Note
Ensure you do not check the Reject all mail not from gateway IPs box.
Select the Message is considered spam if the following header regex matches checkbox and select the options below.
At the bottom of the Advanced Settings page, click Save to apply the changes.
Ensure that this configuration is replicated to Google Workspace before changing any MX records.
Note
It can take up to an hour for changes to propagate to user accounts for GMail using Google Workspace You can track changes in the Admin console audit log.
Post MX record change
Once MX records have been changed and replicated to the internet email should start flowing through the GravityZone Security for Email product. You can verify this via the GravityZone Security for Email Activity reports and charts. You can also check this in the Google Workspace portal by following these steps:
Login to the Google Workspace Admin Console with an administrators account.
Click on the Menu button .
Select Admin > Apps > Google Workpace.
Click on GMail to take you to Settings for Gmail.
Click on Setup.
Check that the MX records match the below:
Login to the Google Workspace Admin Console with an administrators account.
Click on the Menu button .
Select Admin > Apps > Google Workpace.
Click on GMail to take you to Settings for Gmail.
Click on Hosts section.
Click on the Add Route button.
Give the route a Name like “Google Internal”.
In the Specify Email server select Multiple hosts.
Add a primary entry for each of the GMail Servers listed below:
aspmx.l.google.com alt1.aspmx.l.google.com alt2.aspmx.l.google.com alt3.aspmx.l.google.com alt4.aspmx.l.google.com
Click Save.
Go to the General setting tab and scroll to the Routing setting in the Routing section.
Click on Add Another for Routing. This will open up a new Add setting option.
Enter a name like Internal Route.
Select the checkbox for Internal – Sending in Messages to affect.
Select only affect specific envelope recipients and define a REGEX for your internal domain.
Note
For multiple domains you can add them into the regex in this format:
.*@firstdomain\.com|.*@seconddomain\.co\.uk
Select Change route in For the above types of messages, to do the following.
Change the Normal routing to the one created above.
Click on Show Options at the bottom of this page and Select Users and Groups” under Account types to affect:
Click the Add Setting button, then click Save.
At the bottom of the Advanced Settings page, click Save.
Note
Now all internal mail is routed directly to Google servers, and all other mail routes through the GravityZone Security for Email Outbound Gateway.