Split Delivery with Google Workspace

What is "Split Delivery"?

Split Delivery is a common technique used when two seperate Mailservers handle one signular E-Mail Domain.

Example: Mailserver 1 handles user@domain.com and Mailserver 2 handles servicemail@domain.com

What is required

• Two seperate Mailservers (Google Workspace / G-Suite and Mailcow in this Case)
• Access and Understanding to DNS Records
• Understanding of DKIM/SPF
• Understanding of Mail Routing Policies
• Administrator Access to Mailcow
• Administrator Access to Google Workspace Admin / Google Admin Console

1. Mailcow Configuration

1. Open Mailcow Admin UI
2. Go to System - Configuraiton
3. Go to Options - Forwarding Hosts
4. Add public Mailserver IPs from Google here
   • 108.177.16.0/24
   • 108.177.17.0/24
   • 142.250.220.0/24
   • 142.250.221.0/24
   • 2600:1901:101::0/126
   • 2600:1901:101::4/126
   • 2600:1901:101::8/126
   • 2600:1901:101::c/126
   • 2600:1901:101::10/126
   • 2600:1901:101::14/126
     
   • 209.85.128.0/17
   • 74.125.0.0/16
   • 66.249.80.0/20
   • 173.194.0.0/16
   • 64.233.160.0/19
   • 172.217.0.0/16

2. Google Configuration

This Part is in German, English Names might be slightly different

2.1 Configure Mailcow Forwarding Host

1. Open Google Admin Console
2. Go to Apps - Google-Workspace - Gmail
3. Click Hosts
4. Click Route hinzufügen
   • Set Name, Hostname and Port of your second Mailserver to which E-Mails will be forwarded to
   • Enable TLS requirements and Host check. While not necessary, it is recommended

2.2 Configure Mail List

This Step creates a fixed List of Mail Addresses that will be forwarded. Will this is not strictly necessary, its a absolute way to make sure they're being forwarded

1. Open Google Admin Console
2. Go to Apps - Google-Workspace - Gmail
3. Click Routing
4. Click Adresslisten verwalten
5. Click Adressliste hinzufügen
   • Add all your Mail-Addresses
   • Uncheck Authentifizierung erforderlich

2.3 Add Route to Google

1. Open Google Admin Console
2. Go to Apps - Google-Workspace - Gmail
3. Click Routing
4. Click Routing-Regel hinzufügen
   1. Set Name
   2. Select Eingehend and Intern - Empfangen
   3. (Optional) Enable Benutzerdefinierten Betreff voranstellen and add [G-SUITE-RELAY]
   4. Enable Route ändern and select your Mailserver Host created in 2.1
   5. Click Optionen einblenden
   6. Select Unbekannte/Catchall Konten

3. DNS Configuration

3.1 Add Google Mailserver' MX-Records

Based on Hetzner DNS

3.2 Add SPF/DKIM Records

3.2.1 DKIM

1. Open Google Admin Console
2. Go to Apps - Google-Workspace - Gmail
3. Click E-Mail authentifizieren
4. Select your Mail Domain

3.2.2 SPF

You should edit your existing SPF Record from Mailcow, do not create a new one!

v=spf1 include:_spf.google.com ip4:<mailserver-ip> -all

include:_spf.google.com is the important part here. You simply include the SPF Configuration from Google