Duet AI is now Gemini for Google Workspace. Learn more

Add mail servers for Gmail email routing

Typically, Gmail is set up for direct delivery. Direct delivery sends all messages for people in your domain to their Gmail inbox. Direct delivery setup is described in Activate Gmail for Google Workspace.

You may want to set up other email delivery options, especially when you manage your own email servers. For example, you might want to deliver Microsoft Exchange messages to an on-premise email server. To set up other email delivery options, you must first add mail routes for your on-premise servers using the Add Route setting. 

Learn more about email routing at Email routing and delivery.

Add a mail route for your domain

Before you begin: In these steps, you'll enter the hostname or the IP address for the email server where you want to deliver email. Have this information ready when adding a new mail route for your domain. If you don't know your server's hostname or IP address, contact your server provider or check the support information for your server.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. In the Admin console, go to Menu and then Appsand thenGoogle Workspaceand thenGmailand thenHosts.
  3. Click Add Route.
  4.  In the Add mail route box, take these steps:
    Setting options What to do
    Name Enter a name or description for the new mail route. If this field is empty, you can't save the new setting.
    Specify email server
    1. Click the menu  and select a host option: Single host or Multiple hosts.
    2. Under the host options menu, enter server IP addresses or hostnames:
      • If you selected Single host, enter the server hostname (recommended) or IP address. Enter the port number: 25, 587, or a number from 1024 to 65535. You can't use port 465 for the single host option.
      • If you selected Multiple hosts, specify multiple primary and secondary hosts for load balancing and backup. Enter the server hostnames (recommended) or IP addresses in the Primary and Secondary host tables.

        The total load for the servers you add must total 100% in each table. For example, in the Primary host table, if you added two hosts, enter 50 in the Load % field for each server.

    1. Select the options for the new route. Options with Recommended are on by default for new routes:
      • Perform MX lookup on host—Deliver to the hosts associated with the domain you entered. If you entered a domain, check this box to verify the host MX record and deliver to the servers in the domain MX record. If you entered an email server, leave this box unchecked..
      • Require mail to be transmitted over a secure transport (TLS) connection (Recommended)—Encrypt messages between sending mail servers and receiving mail servers with Transport Layer Security (TLS).
      • Require CA signed certificate (Recommended)—The client SMTP server must present a certificate signed by a Certificate Authority that is trusted by Google.
      • Validate certificate hostname (Recommended)—Verify that the receiving hostname matches the certificate presented by the SMTP server.
    2. To verify the connection to the servers that you added, click Test TLS connection.
  5. At the bottom of the Add mail route box, click Save.

Changes can take up to 24 hours but typically happen more quickly. Learn more

You can track changes in the Admin console audit log.

“Could not validate certificate” error

If you click Test TLS connection and get a certificate validation error, messages sent from your organization will bounce, even though you could save the new mail route. 

To fix the error, try one or more of these solutions:

  • If your mail server has more than one host name, make sure you’re using the host name that’s on the server’s certificate.
  • If you have access to the mail server on the route, install a new certificate from a trusted Certificate Authority. Verify the new certificate has the correct host name.
  • If you use a third-party mail relay service, contact the service provider about this error.
  • Uncheck the box for one or more of these options:
    • Require mail to be transmitted over a secure transport (TLS) connection
    • Require CA signed certificate
    • Validate certificate hostname

    Important: We recommend keeping these options turned on whenever possible so the connection can be verified.

Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?
Clear search
Close search
Google apps
Main menu