Config Securence for inbound filtering in front of Gmail hosted email

In Gmail

  • Configure Gmail to allow Securence as an Inbound mail gateway in GMail
    • For documentation:
    • Add Securence IP ranges found on the bottom of the Securence admin pages
      • 216.17.3.0/24 and 204.11.209.64/26
      • Check the Disable Gmail spam evaluation on mail from this gateway box.
    • We recommend selecting “Automatically detect external IP” and “Reject all mail not from gateway IPs”
    • If you require TLS delivery from Securence to Gmail
      • In Securence create an Encryption Policy:
        • Rule Type: Incoming
        • Original Server to Securence: “All Domains”, “Do Not Require TLS”
        • Securence to Your Server: “All”, “Opportunistic TLS” , after verifying TLS delivery change to “Require TLS”
        • Precedence: “Place at the Beginning”
      • In Gmail:
        • Select “Require TLS for connections from the email gateways listed above”
      • Be sure to test these settings.  Incorrect settings can cause email delivery to stop.  Messages delivered to Gmail using TLS will have a “x-securence-tls-suite-outgoing” header specifying the TLS Cipher used to deliver the message to GMail.  If this is missing, the message was not delivered to GMail using TLS.
    • In Securence, never disable incoming spam, virus or phish filtering.  This will cause spam messages to get sent to Gmail and can cause delivery issues for non-spam messages.
  • Configure Securence to deliver incoming mail to GMail
    • Enable Domain Settings -> Incoming Settings -> General -> SPF Compliance -> Apply SRS when delivering to your server
      • This will cause Securence to modify the mail from in a way that prevents messages from getting rejected by Gmail because of SPF issues.
    • For documentation:
  • Change MX Record to point to Securence, found on the bottom of the Securence admin pages