Mail Routing For G Suite and Office 365 Tenants

Overview:

  1. About this guide
    1. Audience
    2. Using this guide
  2. Mail routing for G Suite and Office 365 tenants with Cloudiway
    1. Will mail routing work with my systems?
    2. Scenario 1: Mail routing during cutover mail migration
      1. Benefits
      2. Considerations
    3. Scenario 2: Mail routing during staged migration
      1. Benefits
      2. Considerations
    4. Scenario 3: Mail routing during enterprise coexistence
      1. Calendar free/busy
      2. GALsync
  3. Security
  4. Set up Cloudiway for mail routing
    1. Before you start
    2. Contact Cloudiway
    3. Scenario 1: Short-term domain transformation configuration
    4. Scenario 2/3: Setup inbound and/or outbound mail routing rules (domain level)
    5. Scenario 2/3: Setup inbound and/or outbound mail routing rules (user level)
      1. Option 1: CSV import
      2. Option 2: Single user creation details
    6. Activate the Cloudiway mail routing service
  5. Set up your remote systems for mail routing
    1. Before you start
    2. Inbound routing: Update your MX records
    3. Inbound routing: Add the Mail Routing Server IP as an allowed IP address
    4. Outbound routing: G Suite — Configure your outbound flow
    5. Outbound routing: Office 365/Exchange — Configure your outbound flow
    6. Outbound routing: Add an SPF record to your DNS
  6. Post-activation options
    1. Check logs
    2. Stop mail routing
  7. Troubleshooting

1. About this guide

1.1.  Audience

This guide is aimed at system administrators who are capable of connecting to remote systems such as G Suite for Business and Office 365 Admin Panel. Mail routing is usually a detailed setup that requires a high level of competence and experience with mail servers.

Although we provide support for our own products, we do not provide support for third party products such as PowerShell or server administration of Google or Exchange.

If you are concerned you might have any difficulty completing these steps, please consider a solution with our consulting team, contactable via sales@cloudiway.com. This will ensure a fast, cost-effective and stress-free implementation.

1.2. Using this guide

This guide provides steps for setting up mail routing using the Cloudiway platform, as well as details of any remote system configuration required. It uses the domain drypizza.com as an example of mail routing between Office 365 tenants. It also uses warmsushi.com as an example of a non-Office 365 system.

The screen dumps used in this guide reflect these business names to provide typical examples of data to enter into each field.

Whitepapers and guides covering Cloudiway’s other products, such as general mail migration, are available from the Cloudiway website (www.cloudiway.com).

2. Mail Routing For G Suite and Office 365 Tenants with Cloudiway

Cloudiway’s mail routing migration solution helps businesses implement elaborate mail forwarding systems through a simple SaaS interface. As a result, mail routing with Cloudiway requires no additional software installation or overhead. You simply need to point your MX records to Cloudiway’s mail routing platform and/or set up a smart host agent.

In addition, the Cloudiway mail routing platform is flexible, so mail migrations can be performed before, during or after mail routing, depending on your system setup and business requirements.

Regardless of the approach, all mail routing via the Cloudiway platform can be achieved without interruption to the end user.

2.1. Will mail routing work with my systems?

Mail routing can take place from any remote server that works on the application layer protocol (SMTP) to Office 365, Gmail or Exchange On-Premises. It can also take place between any of these services.

If you are using Exchange On-Premises 2010 or any other system, please get in touch with our technical consultants at presales@cloudiway.com to discuss how mail routing can be implemented with your combination of remote systems.

Mail routing can also be a long-term solution, providing one aspect of enterprise coexistence (along with free/busy calendar synchronization and global address list synchronization, both explained later in this chapter), or it can be a short-term solution during a transition involving mail migration. Two of the most common mail routing scenarios are discussed in detail below.

2.2. Scenario 1: Mail routing during cutover mail migration

A cutover mail migration is a strategy normally completed over a single weekend. This one-shot approach is the simplest method of mail migration, and therefore the most popular choice.

After a cutover migration, many businesses need to update their domain names at their new mail system to match their previous system. However, moving domains from Office 365 tenants can take up to 48 hours. During this time, domains are unavailable. As a consequence, emails sent to users in those domains will result in non-delivery reports. Cloudiway’s mail routing platform can be used to prevent delivery failures during the transition, ensuring all incoming mail is routed to the intended user regardless of the status of the domain.

The following diagram is an example of cutover migration between two Office tenants. Prior to migration or mail routing, when a mail was sent to bob@drypizzza.com, it was delivered to the old office 365 tenant, which was associated with the domain name drypizza.com.

This changes during mail routing (when the process can begin to detach drypizza.com from the old tenant). A new mail sent to bob@drypizza.com will be routed to the Cloudiway platform. In the example below, Cloudiway will then redirect mail to the old tenant (dp.onmicrosoft.com), changing only the ‘to’ header in the original email message. Other paths are possible, but we recommend this one.

Note that Bob can reply to the email, but it will be sent from bob@dp.onmicrosoft.com because outbound mail is not set up for short-term cutover migrations (and drypizza.com has begun being detached, so it’s no longer available). To avoid this situation and other similar situations, Cloudiway recommends that you keep mail flow pointing to the old tenant (as shown above) and perform a cutover during non-working hours.

2.2.1. Benefits

As well as the seamless delivery of mail offered by Cloudiway mail routing, using the service during a cutover mail migration has the following benefits:

  • the fastest and simplest form of routing mails;
  • totally transparent, with no need to setup aliases for each user; and,
  • new mails are received in the target messaging system.

2.2.2. Considerations

The TTL (‘Time To Live’ setting) of your DNS MX records may maintain cache. The issue may be addressed by decreasing the value of the TTL to the allowed minimum. The TTL is displayed in seconds, so 3600 is equal to 1 hour, for example. The minimum is often 15 minutes, which is equivalent to 900 seconds.

2.3. Scenario 2: Mail routing during staged migration

A staged migration allows you to migrate batches of mailboxes over the course of a few weeks or months. During the process, your messaging system is subjected to constant variations. For example, user mailboxes might be created or deleted; or some DNS domains might be added or depreciated.

The Cloudiway platform provides the redirection of incoming emails to the correct mailbox regardless of its migration status (inbound service).

The diagram below shows a typical migration from Gmail to Office. A non-migrated user, chloe@warmsushi.com, continues to receive new mails in her inbox at the old Gmail tenant. A migrated user, bob@dpnew.onmicrosoft.com, will now receive emails sent to bob@warmsushi.com at the new Office 365 tenant.

The Cloudiway mail routing platform also performs proxy server services, and rewrites any From mail headers to match the business needs and system setup (outbound service). This means that Bob can continue to send emails as bob@warmsushi.com until mail routing is deactivated.

2.3.1. Benefits

As well as the seamless delivery of mail offered by Cloudiway mail routing, using the service during batch migrations has the following benefits:

  • many flexible migration strategies (eg, choose source or destination delivery);
  • hides complex IT infrastructure for internal and external users; and,
  • no disruption to end users for the duration of mail routing, with or without migration.

2.3.2. Considerations

The Cloudiway mail routing platform does not yet support TLS/SSL encryption. The mail routing platform requires authorizes IP addresses on both sides.

2.4. Scenario 3: Mail routing during enterprise coexistence

Enterprise coexistence allows businesses to work as one company and is often used during mergers and acquisitions, and sometimes indefinitely if the business need requires it.

The coexistence platform is made up of three tools

  • mail routing (the subject of this guide);
  • calendar free/busy synchronization; and,
  • GALSync for synchronizing global address lists.

2.4.1. Calendar free/busy

Cloudiway provides a coexistence tool for calendar free/busy time display. For example, a G Suite user on one can check the free/busy time of an Office 365 user. Coexistence manages cross-platform communication with no impact on the end user. It provides a seamless connection between two or more different remote systems during migration.

Calendar free/busy synchronization works between any mix of Office 365 tenants, G Suite and Exchange On-Premises.

2.4.2. GALsync

GALsync stands for global address list synchronization, allowing automatic updates between global address lists to ensure they remain synchronized. GALsync works between multiple address books through a simple configuration online, which sends pull requests to other address books configured for communication. When mail routing is used during long-term coexistence, this ensures that all address book updates, such as new users, deleted users, or users with changed details, are propagated to all other address books configured for GALsync.

More information about each of these products is on the Cloudiway website at www.cloudiway.com. To discuss any of these tools further, please get in touch with your existing Cloudiway contact, or via sales@cloudiway.com.

3. Security

For more information about security, please refer to this article.

4. Set up Cloudiway for mail routing

4.1. Before you start

Before you start, please ensure you have the details outlined in the following table.

Name Description Location
Cloudiway login Stores details and provides communication between the systems you already use. https://apps.cloudiway.com
Knowledge base access Our extensive knowledge base is always accessible, with videos, troubleshooting tools, samples and more. http://kb.cloudiway.com
Decreased TTL of DNS MX records If inbound mail routing is part of your business need, ensure the TTL of each MX record is set to the minimal value: this reduces caching time when you will switch your MX records. Your domain provider.

4.2. Contact Cloudiway

Mail routing requires some configuration by your Cloudiway contact services@cloudiway.com, so you will need to get in touch with Cloudiway at the start of your project. A Cloudiway consultant will add the mail routing add-on to your project account and will work with you to setup the mail routing.

  • If you’re using the outbound mail relay with an On Premises infrastructure, you will have to provide the public IP addresses of your mail servers: the Cloudiway platform is not open relay, so we will whitelist your IPs).

Follow the scenario sections below to suit your situation:

Scenario 1 Short-term domain transformation configuration (maximum around 48 hours).

Scenario 2: Longer-term domain routing (during batch migration or coexistence), using inbound or outbound rules or both, with the option of creating rules for individual users.

4.3 Scenario 1: Short-term domain transformation configuration

The Relay section of the Cloudiway mail routing platform is the simplest form of mail routing. It’s used for inbound, short-term mail routing only, such as when moving a domain between Office 365 tenants, which normally takes up to 48 hours, and when no changes to usernames are required.

For longer term or more involved mail routing, skip these steps and go to section 4.4.

  1. From your browser, go to https://apps.cloudiway.com and login
  2. Click on Mail Routing on the menu on the left (this must be activated by Cloudiway, so make sure you’ve read the previous section to supply all the details needed before activation)
  3. Click on Relay, then Configuration
  4. Click on the Domains menu on the Action bar at the bottom of the screen, then select Create Domain Mapping to display the dialog box for creating a new domain mapping
  5. Type your original and redirected email domains in the fields
  6. Click on the Create button to add the details to the domain mapping list
  7. Repeat the steps above to add any additional domain mappings required.

There is no user list associated here. If you need to make username changes, please contact Cloudiway, or follow the next sections instead. Otherwise, you can skip to section 4.4.

4.4. Scenario 2/3: Setup inbound and/or outbound mail routing rules (domain level)

The Cloudiway mail routing platform can work as an incoming or outgoing mail server for any domain. Setting up routing rules will ensure that all users within one domain have their mail routed. However, if any mail alias changes are required (ie, the prefix before the @ symbol in an email address), it’s imperative that users are added to the user list on the Cloudiway mail routing platform. The steps are covered later in this scenario. The steps below cover the domain level.

To use inbound mail routing, simply follow the steps below to configure the Cloudiway platform, then add your users and point your MX records to the Cloudiway mail routing server (covered in later sections). You can have as many inbound mail rules as you need for multiple domains and multiple Office 365 tenants.

Outbound mail routing is setup in exactly the same way on the Cloudiway platform, so you can follow the steps below if your mail routing scenario requires outbound mail routing. You can have as many outbound mail rules as you need for multiple domains and multiple Office 365 tenants. Remember that when configuring outbound mail routing, the ‘original’ email domain or sender will be the address you wish to rewrite, rather than your preferred domain name.

  1. From your browser, go to https://apps.cloudiway.com and login
  2. Click on Mail Routing on the menu on the left (this must be activated by Cloudiway, so make sure you’ve read the previous section to supply all the details needed before activation)
  3. Click on Inbound, then on Configuration
  4. Click on the Domains menu on the Action bar at the bottom of the screen, then select Create Domain Mapping to display the dialog box for creating a new domain mapping
  5. For inbound mail, enter the original email domain in the first field, and the domain where incoming mail will be redirected to in the second field
    Note: if you wish to add individual usernames to the list, this is done elsewhere, later
  6. Click on the Create button to add the details to the domain mapping list
  7. Repeat the steps above to add any additional domain mappings required.
  8. For any outbound services required, click on the Outbound submenu of the mail routing area, then click on Configuration, and repeat steps 4 to 7 above.

4.5. Scenario 2/3: Setup inbound and/or outbound mail routing rules (user level)

If your mail routing needs don’t involve any mail alias (username@) changes, the Cloudiway mail routing platform will use any domain level rules you’ve already setup to blanket route mail (for example, from *@youroriginal.domain to *@yournew.domain).

However, if any mail alias changes are required, they will need to be added to the mail routing user list. The Cloudiway mail routing platform will first check this user list before redirecting any incoming mail or rewriting any outgoing mail. If it finds a mail alias, it checks the updated mail alias and routes mail accordingly (for example, if bob@warmsushi.com is listed with an updated email address of bob.owen@drypizza.com, email will be redirected to bob.owen@drypizza.com). If it doesn’t find an entry for bob@warmsushi.com, it will check the server level routing rules and, using the examples in this guide, redirect email to bob@drypizza.com.

Note that if outbound mail from Bob’s new alias (bob.owen@drypizza.com) still needs to look like it’s coming from bob@warmsushi.com, this it should be listed in the Outbound user list too. The source in this case would be bob.owen@drypizza.com with a target of bob@warmsushi.com.

Users added to the mail routing user list do not require a license.

There are two ways to add users to the mail routing user list. These include:

  • CSV file upload; and,
  • creation of single users.

4.5.1. Option 1: CSV import

If you have a CSV file of users affected by username changes, you can upload the file to Cloudiway. The file must have the following fields in the header row, ‘;’ is used as a field separator:

Source;Target

When uploading a CSV file, please note that any existing users will be overwritten. Therefore, once you have users in your user list, make sure you export the existing user list via the Users, Export UserList command on the Action bar before re-uploading the exported CSV file.

  1. Ensure you’re still in the Mail Routing area of apps.cloudiway.com and go to either the Inbound page or the Outbound page (we’ve used inbound examples here)
  2. Click on Users on the Action bar at the bottom and select Upload CSV
  3. If required, click on Download sample CSV and add your users to the CSV file using the sample headers (Source;Target)
  4. When you have a complete CSV file with the correct headers, click on the Upload button
  5. Locate your CSV file within your own file system, and double-click on it to select it
  6. Click on the OK button to upload the CSV file to the Cloudiway platform If the CSV file format is not correct, you will see an error message on your screen
  7. If you see any error messages, check your CSV file to ensure it has two columns, and try uploading again
  8. Once the CSV file format is correct, you will see a confirmation message at the top of your screen:
  9. Check your email. When you have received confirmation that the upload has been completed, you can refresh the Cloudiway platform to display your imported users.

4.5.2. Option 2: Single user creation details

If you only need to add a new user or change just one or two users in your mail routing user list, you can use the single creation tool directly on the Cloudiway platform to save time. No need to export your existing CSV list, edit and re-upload!

Currently, existing users cannot be edited, so if you wish to update an existing user, make sure you delete the user first by selecting the checkbox beside the username and using the Users, Delete User(s) Mapping command from the Action bar.

  1. Ensure you’re still in the Mail Routing area of apps.cloudiway.com and go to either the Inbound page or the Outbound page (we’ve used inbound examples here)
  2. Click on Users in the bottom left corner and select Create User Mapping to display the following pop-up box:
  3. Enter the source and target email addresses for the user
  4. Click on the Create button
  5. Repeat steps 1 to 4 for any more mail alias rules required.

4.6. Activate the Cloudiway mail routing service

Now is a good time to double-check that your mail routing configuration on the Cloudiway platform matches the scenario you wish to achieve. If everything looks correct, you can activate the mail routing service.

Activating the service doesn’t mean that mail routing will begin right away. For incoming mail routing, you need to point your MX records to the Cloudiway platform. For outgoing mail, you must configure your remote system or systems to first reroute outgoing mail to Cloudiway (see the following sections).

Using the Push command on the Cloudiway platform will launch an asynchronous update job, and when the update is complete, you will receive a confirmation email in the inbox associated with your Cloudiway account. This means that mail routing on the Cloudiway side has successfully activated.

  1. From the Mail Routing area of apps.cloudiway.com, click on the Push button on the Action bar
    You will be asked to confirm the updates:
  2. Click on the Confirm button to initiate the push request, and check your inbox for progress.

Mail routing will normally commence right away, and you will receive a confirmation email at the email address associated with your Cloudiway account. If you haven’t received the confirmation email within two hours, please open a ticket via http://support.cloudiway.com.

5. Set up your remote systems for mail routing

If your business requirements include outbound mail routing, you will need to follow the sections below to ensure that your remote systems are setup to route emails via the Cloudiway platform, to allow for the email addresses and any From headers to be rewritten.

5.1. Before you start

Before you start, you will need to ensure you have the details outlined in the following table. As a courtesy, this guide provides remote system configuration details for the most popular mail systems — Office 365/Exchange and Gmail. If you use a different system and need help, consider engaging a Cloudiway consultant.

Name Description Location
Knowledge base access Our extensive knowledge base is always accessible, with videos, troubleshooting tools, samples and more. http://kb.cloudiway.com
Google Admin console If Gmail is to be used as part of a mail routing setup, this is where the outbound mail configuration is set by a system administrator. https://admin.google.com
Office 365 admin account If Office 365 is to be used as part of a mail routing setup, this is where the outbound mail configuration is set by a system administrator. https://outlook.office365.com
Domain provider admin account This is required for access to change MX record to point to the Cloudiway servers (inbound flow or domain detaches).

5.2. Inbound routing: Update your MX records

If your mail routing scenario uses inbound mail routing, you must point your DNS MX records to the Cloudiway mail routing service before mail routing can commence. If you haven’t already, make sure you decrease the TTL of each MX record to the minimal value, so that there will be no caching issue when you will switch your MX records. You should already have the Cloudiway mail routing service’s address, so point your MX records to this when you’re ready to begin inbound mail routing.

5.3. Add the Mail Routing Server IP as an allowed IP address

To avoid having the incoming emails arrive in your spam folder, you have to add the mail routing server IP address as an allowed IP address in your target tenant. To do so follow the steps below:

  1.  Go to Exchange admin center.
  2. Click on Protection, then click on Connection Filter.
  3. Click on the pen to edit, then click on connection filtering and add the IP address to the IP Allow List as shown in the screenshot below.

5.4. Outbound routing: G Suite — Configure your outbound flow

This section only applies if you’re using G Suite for outbound mail flow. For routing outbound mails, or rewriting From mail headers, you will need to reroute your mail flow to use Cloudiway’s mail routing service.

Once you have heard back from Cloudiway and have the outbound gateway for details for mail routing, you can begin configuration.

  1. In your browser, go to https://admin.google.com and login with your Admin console credentials
  2. Click on Apps icon for managing apps and their settings
  3. Click on the G Suite icon, then on the line of text for Gmail (don’t click on the icon itself)
    The following screen will appear with your organization’s details:
  4. Scroll down the list of options and click on Advanced Settings
  5. In the search bar at the top, type outbound gateway
  6. Ensure that the option to Allow per-user outbound gateways is activated
  7. In the text area for Outbound gateway, type the domain name or IP address sent to you by Cloudiway (note: the screen below provides a sample that is not real)

5.5. Outbound routing: Office 365/Exchange — Configure your outbound flow

This section only applies if you’re using Office 365 or Exchange On-Premises for outbound mail flow. For routing outbound mails, or rewriting From mail headers, you will need to reroute your mail flow to use Cloudiway’s mail routing service.

Once you have heard back from Cloudiway, you should have the outbound gateway details for mail routing, which means you can begin configuration.

  1. Login with your administrator account to the Office 365 portal (or your Exchange server)
  2. Go to the Exchange admin center, then click on mail flow from the menu on the left
  3. Click on connectors near the top right of the screen to display the connector rules
  4. Click on the plus sign (+) to begin your mail flow scenario, where Cloudiway is classed as a ‘Partner organization’
  5. Click on the From drop-down and select your own server type (ie, Office 365 or Exchange On-Premises)
  6. Click on the To drop-down and select Partner organization
  7. Click on the Next button and add a name (and a description if you like)

    You have the checkbox option to turn on this rule immediately after it’s been saved, or to turn it on at a later time: leave it turned on to validate the connection during these steps (it can be turned off immediately after, if required)
  8. Click on the Next button and click on the option Only when email messages are sent to these domains
  9. Click on the plus sign (+) and add a single wildcard (*) to the pop-up box to redirect all domains to the Cloudiway mail routing platform, then click on the OK button

    Note: If you don’t want to redirect all your domains to the Cloudiway mail routing platform, you can add each domain name individually rather than typing a wildcard
    The wildcard will now be displayed in the New connector window:
  10. Click on the Next button and ensure that the option Route mail through these smart hosts is selected
  11. Click on the plus sign (+) and add the IP address or domain name supplied by Cloudiway for outbound mail routing, then click on the Save button

    The Cloudiway outbound server will now be added to the list on your screen
  12. Click on the Next button to see some connection options
  13. Uncheck Always use Transport Layer Security (TLS) to secure the connection so that it is not activated: Cloudiway doesn’t currently support TLS
  14. Click on the Next button to see the confirmation screen
  15. Click on the Next button, which will lead to an email flow validation screen:
  16. Click on the plus sign (+) and add any email address that exists outside of your Office/Exchange environment (a test email will be sent to it)
  17. Click on the Validate button to begin the validation process
    Three screens will show the validation progress, ending with successful completion:
  18. Click on the Close button and check that both tests were successful
  19. Click on the Save button to complete the configuration.

5.6. Outbound routing: Add an SPF record to your DNS

An SPF record (Sender Policy Framework record) identifies which mail servers are allowed to send email on behalf of your domain. This prevents spammers from sending messages with forged From addresses at your domain.

An SPF record to each domain involved with mail routing is therefore is required before mail routing can begin. This ensures that the Cloudiway mail routing service is not blacklisted, avoiding delays and downtime. When adding each SPF record, use the same Cloudiway IP or domain name given to you for creating the external connector or outbound flow.

6. Post-activation options

6.1. Check logs

The Cloudiway mail routing platform provides a text log of actions performed. You can check it at any time from the Relay, Inbound or Outbound areas of the platform but clicking on the Logs sub-menu.

6.2. Stop mail routing

When you’re ready to stop using Cloudiway’s mail routing service, follow the checklists below.

For inbound mail:

  1. Point your MX records at your new remote system.
  2. After the minimum time set in your TTL settings has passed, check that mail is now routing independently of Cloudiway.
  3. Change your TTL settings, to a longer minimum time, if desired.
  4. Send a request to Cloudiway to close your project.

For outbound mail

  1. Deactivate the mail routing connector/outbound flow settings that you set up in section 5.
  2. Check that mail is now routing independently of Cloudiway.
  3. Send a request to Cloudiway to close your project.

7. Troubleshooting

Cloudiway provides an extensive knowledge base with many resources, including common error messages, video guides and downloads.

Please visit the mail migration knowledge base area here:

http://kb.cloudiway.com/category/faq-cloudiway/cloudiway-migration-products/mail-migration-faq-cloudiway/
Please visit the entire knowledge base here (where you can search for keywords or read through topics): http://kb.cloudiway.com/

The knowledge base also contains information on how you can ask for further support, should you require it.


Download PDF Here:
Free trial
Want to try?
Free trial
Demo
How it works
Demo
Contact
Any questions?
Contact