SMTP relay service setting
If your organisation uses a non-Gmail mail service such as Microsoft Exchange (or other non-Google SMTP service), you can use the SMTP relay service setting to route outgoing mail through Google. This enables you to filter messages for spam and viruses before they reach external contacts, and to apply Google Apps email security settings to outgoing messages.
- Once you have configured the SMTP relay service, you’ll need to configure your on-premise outbound mail server to point to Google. See the steps below for instructions.
- The SMTP relay service enables you to relay mail only for domains that you have added to your Google Apps account. This service is not an open relay for any IP address that you specify. Make sure all of the domains used by your sending servers are added to Google Apps; otherwise, messages may be rejected.
To route your outbound mail through Google Apps using the SMTP relay service setting:
- Sign in to the Google Admin console.
- Do one of the following:
- In the classic Admin console, click Settings > Gmail.
- In the new Admin console, click Google Apps > Gmail > Advanced settings.
- In the Organisations section near the top of the page, highlight your root org.
Note: You can configure the SMTP relay service setting for the root organisational unit only. You can view the setting from the sub-org level once it's added, but you cannot add, edit, or delete the setting from the sub-org level.
- Scroll down to SMTP relay service (you can also enter SMTP relay service in the search field):
- If the setting's status is Not configured yet, click the Configure button near the right edge of the window (the Add setting dialog box opens).
- Click Edit to edit an existing setting (the Edit setting dialog box appears).
- Click Add description to enter a short description that will appear in the setting's summary.
- In the Authentication section, click Add.
- Enter an IP address or range. Mail sent from these IP addresses will be trusted as coming from your domain(s).
Use CIDR format to enter an IP range. For example, 192.168.12.0/23 represents an address range of 192.168.12.0 to 192.168.13.255. The maximum number of IP addresses that can be specified in the range is 65,536. We recommend that you keep the allowed IP range as narrow as possible for security reasons.
You can also use IPv6 address formats to specify an IP address. For example:
1050:0000:0000:0000:0005:0600:300c:326b or
1050:0:0:0:5:600:300c:326b or
1050::5:600:300c:326b
- Click Save.
- In the Encryption section, click Require TLS Encryption to require that the communication between your server and Google’s server be TLS encrypted, including the message contents.
Note: If your email server does not support TLS, then you should not click this checkbox. By clicking this check box, Google will reject messages that are not encrypted.
- When you are finished making changes, click Add setting or Save to close the dialog box.
Note: Any settings you add will be highlighted on the Advanced settings page.
- Click Save changes at the bottom of the Advanced settings page.
- Configure your on-premise outbound mail server to point to smtp-relay.gmail.com, port 25 or port 465. See the sections below for instructions on completing this step for specific mail servers.
Follow the instructions below to set up the SMTP relay service for Exchange 2007/2010 if you do not have an Edge Server. In this case, set up Outbound Services on a Hub Transport server.
There is no need to increase the timeouts for Microsoft Exchange 2007/2010 mail servers. The default timeout settings are appropriate.
To create and configure a Send Connector on your Hub Connector Server:
- Click Organisation Configuration > Hub Transport.
- Click Send Connectors.
- Right-click in the actions pane and choose New Send Connector.
- Name the connector Outbound.
- Under Select the intended use for this Send Connector, select Internet, and click Next.
- Click Add to open the Add Address Space dialog box.
- In the Domain field, enter an asterisk (*) so that all mail will be routed through the new connector.
- Highlight the Include all subdomains check box, and click OK.
- Click Next.
- Under Network settings, select Route mail through the following smart hosts.
- Click Add.
- In the Add smart host dialog box, enter the following smarthost in the Fully qualified domain name field:
smtp-relay.gmail.com
- Click OK.
- Under Configure smart host authentication settings, click None, and then clickNext.
- Under Source Server, click Add, and list each outbound hub server that will act as a bridgehead.
- Click OK, and click Next.
- Click New.
- Click Finish to complete the send connector configuration.
- Once you have completed your configuration, send a test message to confirm that your outbound mail is flowing.
For Microsoft Exchange 2007/2010, different servers are assigned distinct, concrete roles. An Edge Server is one such role. The Edge Server connects all other Exchange Servers to the Internet, and provides filtering and security.
To send email on an edge transport server, you need to configure a send connector. Send connectors are created and edited in the Exchange Management Console. Follow the instructions below to set up the SMTP relay service for Exchange 2007/2010 on your Edge Server.
There is no need to increase the timeouts for Microsoft Exchange 2007/2010 mail servers. The default timeout settings are appropriate.
To create and configure a Send Connector on your Hub Connector Server:
- Click Organisation Configuration > Hub Transport.
- Click Send Connectors.
- Double-click the connector named EdgeSync – [your site] to Internet, where [your site] is the name of your site.
- From the Address Space tab, verify that the “*” domain has been added.
- From the Network tab, un-check “Enable Domain Security (Mutual Auth TLS)", and click Route mail through the following smart hosts.
- Click Add.
- In the Add smart host dialog box, enter the following smarthost in the Fully qualified domain name field:
smtp-relay.gmail.com
- Click OK.
- On the Source Server tab, verify that the appropriate edge subscription(s) are defined.
- From the Exchange Management Shell, run the following command:
start-edgesynchronization
- Verify on the Edge server(s) that the new Send Connector settings have been received and look identical to those on the hub server.
- Be sure to check your receive connectors on the Edge server and verify the following:
- The Network tab has the IP range of all hub servers included
- The Authentication tab has the Exchange Server Authentication tab checked
- The Permission Groups tab has the Exchange Servers option checked
- Once you have completed your configuration, send a test message to confirm that your outbound mail is flowing.
- Right-click SMTP Virtual Server and select Properties.
- Click the Delivery tab.
- Under Outbound, change the default retry interval values to the following:
First retry interval (minutes): 1
Second retry interval (minutes): 1
Third retry interval (minutes): 3
Subsequent retry interval (minutes): 5
- Click Connectors and then right-click the SMTP Connector (or the Internet Mail SMTP Connector) and select Properties.
- On the General tab, type in the following smart host:
smtp-relay.gmail.com
- Click OK to save the changes.
Changing the timeout configuration for Lotus Domino R5/R6 is not required. You can use the default timeout settings.
Set up a smarthost and adjust the Retry Interval by following these steps:
- Open Domino Administrator.
- Click Administration and select the Configuration tab.
- Click Configurations.
- Double-click the name of your Domino Server.
- At the top of the window, click Edit Server Configuration.
- Select the Router/SMTP tab in the first row. (This will select the Basics tab of the second row of tabs.)
- Under Relay host for messages leaving the local internet domain, add the following:
smtp-relay.gmail.com
- Select the Restrictions and Controls tab from the second row.
- Select the Transfer Controls tab from the third row.
- Set the configuration Initial Transfer Retry Interval to 1 minute or higher.
- Click Save & Close to exit.
- Once you have completed your configuration, send a test message to confirm that your outbound mail is flowing.
To increase server timeouts:
- Open the Groupwise ConsoleOne interface.
- Right-click the Internet Agent object, and click Properties.
- Select the SMTP/MIME Settings tab and click Timeouts.
- Set the following values:
Commands: 5 minutes
Data: 3 minutes
Connection Establishment: 2 minutes
Initial Greeting: 5 minutes
TCP Read: 5 minutes
Connection Termination: 15 minutes
- Click Apply, then click OK.
To set up a smarthost:
- Open the Groupwise ConsoleOne interface.
- Right-click the Internet Agent object, and click Properties.
- If the SMTP/MIME Settings page is not the default page, click theSMTP/MIME tab and click Settings.
- Set the number of SMTP Send Threads to the maximum number of simultaneous connections the Groupwise server will safely support.
- Enter the following smarthost in the field entitled Relay Host for Outbound Messages:
smtp-relay.gmail.com
- Click Apply, then click OK to exit.
- Once you have completed your configuration, send a test message to confirm that your outbound mail is flowing.
Changing server timeouts should not be necessary. In Sendmail, the server timeout is set in the value Timeout.datafinal. By default it is set to 1 hour. IfTimeout.datafinal has been changed to a lower value, raise the value to 1 hour.
To configure a smarthost for Sendmail:
- Add the following line to the /etc/mail/sendmail.mc file:
define(`SMART_HOST', `smtp-relay.gmail.com')
- Stop and restart the sendmail server process.
- Once you have completed your configuration, send a test message to confirm that your outbound mail is flowing.
To set up a smarthost:
- In Server Admin, select Mail and click Settings.
- Under Relay all mail through this host, enter the following:
smtp-relay.gmail.com
- Click Save to close the Server Admin.
- Restart the mail service.
- Once you have completed your configuration, send a test message to confirm that your outbound mail is flowing.
You may first need to increase server timeouts before setting up a smarthost. The default timeout is 1200 seconds, which is long enough. If this value has been previously changed, then edit the file /var/qmail/timeoutsmtpd and increase it to at least 900 seconds.
To set up a smarthost for Qmail:
- Edit (or create) the file /var/qmail/control/smtproutes and append the following line:
:smtp-relay.gmail.com:25
- If you have certain internal domains whose traffic should not be routed to Google, you will want to add specific routing to the appropriate mail server to the /var/qmail/control/smtproutes file using the following syntax:
- <InternalDomain>:<ServerForInternalDomain>
- Stop and restart the Qmail server.
- Once you have completed your configuration, send a test message to confirm that your outbound mail is flowing.
To set up a smarthost for Postfix:
- Add the following line to your configuration file (example path /etc/postfix/main.cf):
relayhost = smtp-relay.gmail.com:25
- Restart Postfix by running the following command:
# sudo postfix reload
- Once you have completed your configuration, send a test message to confirm that your outbound mail is flowing.
Comments
1 comment
International Domain website design
Please sign in to leave a comment.