# Split Delivery with Google Workspace

### What is "Split Delivery"?

Split Delivery is a common technique used when two separate Mailservers handle one single E-Mail Domain.

Example: Mailserver 1 handles `user@domain.com` and Mailserver 2 handles `servicemail@domain.com`

### What is required

- Two separate Mailservers (Google Workspace / G-Suite and Mailcow in this case)
- Access to and understanding of DNS Records
- Understanding of DKIM/SPF
- Understanding of Mail Routing Policies
- Administrator Access to Mailcow
- Administrator Access to Google Workspace Admin / Google Admin Console

### 1. Mailcow Configuration

1. Open Mailcow Admin UI
2. Go to *System* - *Configuration*
3. Go to *Options* - *Forwarding Hosts*
4. Add the public Mailserver IPs from Google here
    - `108.177.16.0/24`
    - `108.177.17.0/24`
    - `142.250.220.0/24`
    - `142.250.221.0/24`
    - `2600:1901:101::0/126`
    - `2600:1901:101::4/126`
    - `2600:1901:101::8/126`
    - `2600:1901:101::c/126`
    - `2600:1901:101::10/126`
    - `2600:1901:101::14/126`
    - `209.85.128.0/17`
    - `74.125.0.0/16`
    - `66.249.80.0/20`
    - `173.194.0.0/16`
    - `64.233.160.0/19`
    - `172.217.0.0/16`

### 2. Google Configuration

<p class="callout info">This part uses the German menu names; the English names might be slightly different.</p>

#### 2.1 Configure Mailcow Forwarding Host

1. Open Google Admin Console
2. Go to *Apps* - *Google-Workspace* - *Gmail*
3. Click *Hosts*
4. Click *Route hinzufügen*
    - Set *Name*, *Hostname* and *Port* of your second Mailserver, to which E-Mails will be forwarded
    - Enable the TLS requirements and the Host check. While not necessary, this is recommended.

#### 2.2 Configure Mail List

<p class="callout info">This step creates a fixed list of Mail Addresses that will be forwarded. While this is not strictly necessary, it is a reliable way to make sure they are being forwarded.</p>

1. Open Google Admin Console
2. Go to *Apps* - *Google-Workspace* - *Gmail*
3. Click *Routing*
4. Click *Adresslisten verwalten*
5. Click *Adressliste hinzufügen*
    - Add all your Mail-Addresses
    - Uncheck *Authentifizierung erforderlich*

#### 2.3 Add Route to Google

1. Open Google Admin Console
2. Go to *Apps* - *Google-Workspace* - *Gmail*
3. Click *Routing*
4. Click *Routing-Regel hinzufügen*
    1. Set Name
    2. Select *Eingehend* and *Intern - Empfangen*
    3. (Optional) Enable *Benutzerdefinierten Betreff voranstellen* and add `[G-SUITE-RELAY]`
    4. Enable *Route ändern* and select your Mailserver Host created in 2.1
    5. Click *Optionen einblenden*
    6. Select *Unbekannte/Catchall Konten*

### 3. DNS Configuration

#### 3.1 Add Google Mailserver MX-Records

<p class="callout info">Based on Hetzner DNS</p>

<table border="1" id="bkmrk-record-type-domain-v" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 25%;"></col><col style="width: 25%;"></col><col style="width: 25%;"></col><col style="width: 25%;"></col></colgroup><tbody><tr><td>**Record Type**</td><td>**Domain**</td><td>**Value**</td><td>**Priority**</td></tr><tr><td>`MX`</td><td>`@`</td><td>`aspmx.l.google.com.`</td><td>`1`</td></tr><tr><td>`MX`</td><td>`@`</td><td>`alt1.aspmx.l.google.com.`</td><td>`5`</td></tr><tr><td>`MX`</td><td>`@`</td><td>`alt2.aspmx.l.google.com.`</td><td>`5`</td></tr><tr><td>`MX`</td><td>`@`</td><td>`alt4.aspmx.l.google.com.`</td><td>`10`</td></tr><tr><td>`MX`</td><td>`@`</td><td>`alt3.aspmx.l.google.com.`</td><td>`10`</td></tr></tbody></table>

#### 3.2 Add SPF/DKIM Records

##### 3.2.1 DKIM

1. Open Google Admin Console
2. Go to *Apps* - *Google-Workspace* - *Gmail*
3. Click *E-Mail authentifizieren*
4. Select your Mail Domain

<table border="1" id="bkmrk-record-type-domain-v-1" style="border-collapse: collapse; width: 100%; height: 59.2px;"><colgroup><col style="width: 33.3333%;"></col><col style="width: 33.3333%;"></col><col style="width: 33.3333%;"></col></colgroup><tbody><tr style="height: 29.6px;"><td style="height: 29.6px;">**Record Type**</td><td style="height: 29.6px;">**Domain**</td><td style="height: 29.6px;">**Value from Google**</td></tr><tr style="height: 29.6px;"><td style="height: 29.6px;">TXT</td><td style="height: 29.6px;">google._domainkey</td><td style="height: 29.6px;">v=DKIM1; k=rsa;....</td></tr></tbody></table>

##### 3.2.2 SPF

<p class="callout warning">You should edit your existing SPF Record from Mailcow, do not create a new one!</p>

`v=spf1 include:_spf.google.com ip4:<mailserver-ip> -all`

`include:_spf.google.com` is the important part here: it pulls the SPF configuration from Google into your own record.
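
The warning above about editing the existing record instead of creating a second one can be checked against the TXT records a domain actually publishes. The following Python sketch is an added example, not part of the original guide: `audit_spf`, the sample records and the address `203.0.113.25` (standing in for `<mailserver-ip>`) are assumptions made for illustration.

```python
import ipaddress

def audit_spf(txt_records, mailcow_ip):
    """Return the problems found in a domain's TXT records for this setup."""
    records = [r.strip().strip('"') for r in txt_records]
    spf = [r for r in records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        # RFC 7208 section 4.5: more than one v=spf1 record yields permerror,
        # which is why the Mailcow record is edited instead of adding a second.
        return [f"{len(spf)} SPF records published: receivers return permerror"]
    problems = []
    terms = spf[0].lower().split()[1:]
    # Index of the 'all' mechanism, ignoring its qualifier (+ - ~ ?).
    all_at = next((i for i, t in enumerate(terms) if t.lstrip("+-~?") == "all"), None)
    if all_at is None:
        problems.append("no 'all' mechanism: unlisted senders are not rejected")
    else:
        if terms[all_at] != "-all":
            problems.append(f"'{terms[all_at]}' is weaker than the '-all' used here")
        if terms[all_at + 1:]:
            problems.append("terms after 'all' are never evaluated")
        terms = terms[:all_at]
    if not {"include:_spf.google.com", "+include:_spf.google.com"} & set(terms):
        problems.append("include:_spf.google.com missing: Google is not authorised")
    addr = ipaddress.ip_address(mailcow_ip)
    covered = False
    for term in terms:
        term = term.lstrip("+")
        if term.startswith(("ip4:", "ip6:")):
            try:
                net = ipaddress.ip_network(term[4:], strict=False)
            except ValueError:
                problems.append(f"malformed mechanism: {term}")
                continue
            covered = covered or (net.version == addr.version and addr in net)
    if not covered:
        problems.append(f"no ip4/ip6 mechanism covers the Mailcow host {mailcow_ip}")
    return problems

# Constructed sample data; 203.0.113.25 is a documentation address.
MAILCOW_IP = "203.0.113.25"
MERGED = ["v=spf1 include:_spf.google.com ip4:203.0.113.25 -all"]
SECOND_RECORD = ["v=spf1 ip4:203.0.113.25 -all", "v=spf1 include:_spf.google.com -all"]

if __name__ == "__main__":
    for name, recs in (("merged", MERGED), ("second record", SECOND_RECORD)):
        print(name, "->", audit_spf(recs, MAILCOW_IP) or "ok")
```

Feed it the TXT answers for the domain apex (for example the output lines of a TXT lookup); an empty list means the merged record matches the layout shown above.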