Split Routing Email

btraill

All,

This is my first time where I have a client with a very specific requirement. They pay for one single user license with Google Workspace for an admin@domain.com email. They want to also leverage local mailboxes from Enhance for subsequent/additional mailboxes to save on costs. (Example info@domain.com)

I had thought we could set their domain's mail in Enhance to "Remote Mail", utilize the Google MX records, and then enable "Split Routing" within Google Workspace to route specific email destined to specific addresses. (This is well documented online and works)

Having said that, I'm running into an issue where when I send an email from any address to info@domain.com (the mailbox on the Enhance side) -- Google's mail servers are responding with a "Your message couldn't be delivered to admin@domain.com because the remote server is misconfigured. 554 5.7.1 : Relay access denied."

Does Enhances mail server default implementation prevent utilizing Googles Split Routing to relay mail back to Enhance's mailboxes?

Any help would be greatly appreciated.

raymondnkosi

I've currently got Split Routing working with Google Workspace and an Enhance mail server. What port are you sending the email to on the Enhance mail server?

btraill

raymondnkosi

Excellent to hear someone else has this working. The screenshot my client sent me only had a text input for an IP address and did not mention port.

Perhaps it's time to get some better access/visibility into their backend. I haven't used GCC/and or Workspace in quite some time.

raymondnkosi

Yes, you will definitely need access to their Google Workspace environment as that will make things a lot easier.

If I remember correctly, your Enahce mail server needs to first be added as a host in their Google Workspace under Gmail settings.

I am using the mail.myserverdomain.com domain for my Enhance mail server as the hostname and I have found that only port 25 works.

Then, once you have added your server as a host, use the routing section under Gmail settings to set the email routing instead of the split delivery section. You can completely ignore the split delivery option.

That should work, let me know if you need any further assistance then I can send you some screenshots once I get home.

btraill

raymondnkosi Really appreciate you taking the time to respond. I'll get on making these changes and report back.

btraill

raymondnkosi

I've gone and done this (host added using port 25, routing configured for a specific mailbox), and using the gmail email logging tool I can see this:

info@domain.com
Jun 18, 2025, 6:26:02 PM
0.93 seconds
Bounced
Jun 18, 2025, 6:26:01 PM
Received from an SMTP server with IP address: XXX.XX.XXX.XX (TLS enabled)
250 2.0.0 OK
Jun 18, 2025, 6:26:01 PM
Inserted into Gmail delivery pipeline
Jun 18, 2025, 6:26:01 PM
In progress
Matched rules:
Routing: Split Delivery
Go to this setting
Jun 18, 2025, 6:26:01 PM
Inserted into Gmail delivery pipeline
Jun 18, 2025, 6:26:01 PM
Bounced
Google tried to deliver your message, but it was rejected by the relay mail.mailserverdomain.com [XX.XXX.XX.XXX].

The error that the other server returned was:
554 5.7.1 : Relay access denied

I've also gone as far as adding the IP ranges Google documents and white listed them in the Mail server settings in Enhance. (I used network ranges, though. Not sure if that supports/accepts addresses in CIDR notation)

Maybe I have some misunderstanding here/not sure if any of this is relevant:

1) Do I need to use [my] mail servers PTR address? Or can I use the clients mail.clientdomain.com? My clients mail subdomain resolves to my mail servers IP.
2) Do you have the clients mail settings in Enhance set as Local or Remote?

Additionally, even after adding the IP's to the email servers whitelist -- I see nothing in my servers Postfix config that would lead me to believe they are whitelisted.

It's looking like the issue is still related to access. I need to permit/whitelist the Google networks. (Which I thought I was doing in the Mail whitelisting settings of Enhance)

Edit: I tried adding the relay_recipient_maps postmap, as-well as the domain to relay_domains, and then reloaded postfix... No change. Still denied access.

Edit 2: Progress! Shaking my head... I never verified DKIM setup in Workspace. It was missing. I can now see the email flowing from Google to my mail server... but the email isn't hitting the Enhance inbox for some reason. I can see it in rspamd logs/WebGUI and it has a negative spam score/no issues to be dropped. Is it because I selected "Remote mail", so Enhance doesn't consider any inbound mail destined to 'local' mailboxes?

Edit 3: More Progress! If I switch to local mail in Enhance for the clients domain -- and keep MX records for google.. then it works... but that setup is confusing to me and then inter-domain email doesn't work between an address hosted with Enhance to an address on Workspace. I must be fundamentally missing something here 🙁

Steamon

btraill If I configure a spamexperts relay. Any website e-mail like local info to local info mailbox it will go trough enhance not trough spamexperts.

I already try something to test this but it will loop otherwise think its a postfix thing.

I indeed keep the mail on local mail on the interface on Enhance when using a relay.