Hybrid (Gsuit + Zimbra) email solution [Without Barracuda ESG]

 Introduction

Often our client requests us to provide them email solution where they can experience enterprise level email solution (For limited users) while keep using their on-premise email server. Below documentation is prepared based on this kind of hybrid email solution.

 

Objective

Building an email service architecture where it will consist of:

1.       Gsuit based email service for some users of a domain

2.      Zimbra based email service for rest of the user of the same domain

  

Prerequisite

User shall/may have at least one of above mentioned (Gsuit or BOL) email services. Then we shall integrate the solution as per their requirement.

 

Description

Let’s assume that one of our clients has their existing Zimbra based email service under their domain (example.com). The mail server consists of below information:

 

Domain Name	example.com
DNS Record	A – (Published)   PTR – (Published)   SPF – "v=spf1 mx a a:mx1.bol-online.com a:mx2.bol-online.com a:mx3.bol-online.com a:mailx.bol-online.com a:mail.example.com ~all"   MX – mail.example.com
Email Account List	abc@example.com bcd@example.com cde@example.com
Barracuda ESG Service	No

Now client requested us to provide them Gsuite based email service for below mentioned high priority user:

 

Gsuit based email accounts

pqr@example.com xyz@example.com

 

To achieve that under above mentioned circumstances, we shall follow below steps:

 

Step#1

 Activate a G-suite portal with the desired domain (example.com)

 Above mentioned user ID (pqr & xyz) shall be created from the “Users” option of the “Admin Portal”

 

 Step#2

 We need to modify the MX record of the domain (example.com)

 We shall remove existing MX record (mail.example.com) and set google’s MX records as domain’s(example.com) MX record.

 

Updated MX records:

example.com  MX preference = 10, mail exchanger = alt4.aspmx.l.google.com

example.com  MX preference = 5, mail exchanger = alt1.aspmx.l.google.com

example.com  MX preference = 5, mail exchanger = alt2.aspmx.l.google.com

example.com  MX preference = 1, mail exchanger = aspmx.l.google.com

example.com  MX preference = 10, mail exchanger = alt3.aspmx.l.google.com

 

 

Step#3

 We shall remove all previous SPF/TXT records. Because now we need to validate gsuit & Zimbra server both as authorized sender for this domain

 

Updated spf/txt record:

"v=spf1 include:_spf.google.com ip4:zimbra_server_ip ~all"

 

Remarks:

In the updated MX record, we have added Gsuit, Zimbra_server_ip

 

Step:#4

We must ensure that to login into the Zimbra server web interface A record for mail.example.com should be pointed towards the Zimbra server.

 

IP                                Hostname

Zimbra_server_ip      mail.example.com

 

Step#5

After all initial setup (Setp#1 to Step#4), now only  gsuit can send & receive emails of the mentioned domain (example.com). And Existing Zimbra server can only send emails.

As MX records are pointed towards the g-suite, Zimbra has to receive email through  g-suite.

Therefore, we need to modify existing g-suit settings as below:

 

Goto G-suite Admin Panel:

1.       We can go through APP > Gmail > Settings for Gmail

OR

2.      We can search “Hosts” in the search bar.

3.      In the “Settings for Gmail” page, select “Hosts”.

4.      Click “Add Route”. Fill following fields:

a.       Name [Any Name]

b.      Specify Mail Server

                                                                                                  i.      Select Single Host

                                                                                                ii.      Mail Server Address/Barracuda ESG address

[In this case, we have barracuda protection for our Zimbra email server. Hence, we will receive email via antispam1]

 

Example:

Antispam1.bol-online.com           :25

 

                                                                                              iii.      Check mark “Require CA signed certificate” (Recommended)

c.       Save

5.       Now we have an external host. We need to route emails to the external hosts in case of external delivery as follows:

 

Goto G-suite Admin Panel:

We can go through APP > Gmail > Settings for Gmail > Default routing

 

a.       Add Rule

b.      Specify envelope recipients to match

Select pattern match and insert

.*example.com.*

 

c.       Go to the Route option:

Select Change Route

Select the Hosts settings name from the dropdown list.

d.      At the bottom, select Perform this action only on non-recognized addresses.

e.       Save

 

Now, our g-suite knows that if any incoming email comes it will lookup the local user list. If the user does not exist than it will forward the traffic towards the configured destination (Hosts & Default routing) settings. 

           

            Step#6

 So far we have done that,

1.       Zimbra server can send email itself

2.      Zimbra Server can receive email via g-suite routing

3.      Gsuit can send & receive email.

 

So now remaining tasks are:

a.       Allowing gsuit users to send email to Zimbra users

b.      Allowing Zimbra users to send email to Gsuit users.

 

If g-suite user xyz@example.com wants to send email to Zimbra user abc@example.com . It will route the email towards the Zimbra server after looking the local user list. The Zimbra server will not allow it as the user does not exist in the server. To over come this challenge, we need to do followings:

            

a.       Allowing gsuit users to send email to Zimbra users

ü  List all user accounts from g-suite and create them into the Zimbra server.

 

b.      Allowing Zimbra users to send email to Gsuit users.

ü  By default, all g-suite user account has a secondary email account with a subdomain of the existing domain

 

Example:

Primary Account:

xyz@example.com

Secondary Account:

xyz@example.com.test-google-a.com

 

ü  So if we send email to secondary account, user xyz will receive the email in his regular inbox.

ü  Now we will set forwarding rules into the respective g-suite users at Zimbra admin Panel. That all mail coming to the xyz@example.com

      (At Zimbra Server) will be forwarded to the xyz@example.com.test-   google-a.com (At G-suite Server). By this when abc@example.com (of ZimbraServer) will send mail to  xyz@example.com (of Zimbra server) it will delivered to xyz@example.com (of G-suite Server) via xyz@example.com.test-google.s.com

 

 Step#7

 Now all are set. We shall test extensively from random source to destination.

 

Incoming Mail
Src. Address	Src. Server	Incoming MX	Dst. Address	Dst. Server	Status
Gmail.com	Gmail	G-suite	xyz@example.com	G-suite
Gmail.com	Gmail	G-suite	abc@example.com	Zimbra
Outlook.com	O365	G-suite	xyz@example.com	G-suite
Outlook.com	O365	G-suite	abc@example.com	Zimbra
Yahoo.com	Yahoo	G-suite	xyz@example.com	G-suite
Yahoo.com	Yahoo	G-suite	abc@example.com	Zimbra
bolcorp	Zimbra	G-suite	xyz@example.com	G-suite
bolcorp	Zimbra	G-suite	abc@example.com	Zimbra

 

 

Outoging Mail
Src. Address	Src. Server	Outgoing Relay	Dst. Address	Dst. Server	Status
xyz@example.com	G-suite	G-suite	Gmail.com	Gmail
abc@example.com	Zimbra	Zimbra	Gmail.com	Gmail
xyz@example.com	G-suite	G-suite	Outlook.com	O365
abc@example.com	Zimbra	Zimbra	Outlook.com	O365
xyz@example.com	G-suite	G-suite	Yahoo.com	Yahoo
abc@example.com	Zimbra	Zimbra	Yahoo.com	Yahoo
xyz@example.com	G-suite	G-suite	bolcorp	Zimbra
abc@example.com	Zimbra	Zimbra	bolcorp	Zimbra

 

 

Internal Mail
Src. Address	Src. Server	Via	Dst. Address	Dst. Server	Status
abc	Zimbra	Local Lookup	bcd	Zimbra
abc	Zimbra	Zimbra Forwarding	xyz	G-suite
xyz	G-suite	Local Users List	pqr	G-suite
xyz	G-Suite	External Routing	abc	Zimbra