Inbound mail gateway

Editions supported: Inbound gateways are available in Google Apps for Business and Education. Compare editions now

An inbound mail gateway is a server through which all incoming mail for your domain passes. The gateway typically processes the mail in some way — such as archiving it or filtering out spam — then passes the mail on to the mail server that delivers the messages to the recipients.

When you use an inbound mail gateway, the MX records for your domain point to the inbound mail gateway server. You configure the gateway server to pass the incoming mail on to the Google Apps mail servers, and configure the Google Apps mail servers to accept a stream of incoming mail from the gateway server.

To configure an inbound mail gateway:

  1. Update your domain's MX records so that the highest priority record refers to the inbound mail gateway server.

    See Creating MX records for detailed instructions.
     
  2. Configure the inbound mail gateway server to deliver mail to the Google Apps mail servers.

    The configuration steps differ depending on the gateway server.
     
  3. Sign in to the Google Admin console
     
  4. Click Google Apps > Gmail > Advanced settings
  5. In the Organizations section, highlight your domain (top-level org).
     
  6. In the Inbound gateway box, enter the IP address of the inbound mail gateway server.

    If you have more than one gateway server, enter an IP range in CIDR notation or separate each IP address with a comma.
     
  7. Select the check box Only let my users receive email from the email gateways listed above.

    This setting ensures that all incoming email comes through the inbound gateway server and is therefore properly filtered or archived. The Google Apps mail servers will reject incoming mail from any other mail server.
     
  8. Click Save changes at the bottom of the Email settings page.
     
  9. Verify that incoming mail is properly delivered.

    Once the Time to Live (TTL) has expired for the MX records that you changed in step 1, send an email message to a user in your domain (see Avoid bounced messages after changing MX records for more details about how TTL works). Confirm that (a) the inbound gateway server processes it and (b) the user receives the message in his or her inbox.