I’m a happy Google Workspace (G Suite) user – I love the convenience of being able to use Google Drive, Gmail, and other Google services on my own domain. I’m also a happy MXroute user, which allows me to host a ton of email accounts for my other domains without paying per user.
However, one feature it’s missing (and that competitors like Microsoft 365 have) is a mail-only account that doesn’t cost as much as a normal account.
My use case for this was my Jira Service Desk deployment – I wanted a mailbox where end-users could send emails, and JSD would poll that mailbox to automatically convert each email into a ticket. Of course, I could do this with Google Workspace, but then I’d need to pay another $6/month for an additional user…. OR I could figure out a way to make Google Workspace and MXroute work together so both services can receive emails on the same domain 🤔
(A quick disclaimer: this configuration is NOT supported by MXroute or DirectAdmin, the control panel MXroute uses, which is why I had to get hacky to make it work! Also, although these steps were tested with MXroute, they should work for any host using DirectAdmin.)
What is split delivery?
Split delivery is basically a feature in Google Workspace, among other email services, that lets you set your MX records to their service while having some email addresses have their mail handled by that service and other email addresses have their mail handled by another service. It’s very useful for cases like organizations looking to gradually migrate users from one email service to another (e.g., MS 365 to Google Workspace)… or a case like mine. Here’s a diagram:
Configuring this wasn’t too hard, and everything worked fine following Google’s instructions. I added my domain to my MXroute account, set MXroute’s MX servers as the new route in my Google Workspace accounts, and left my domain’s MX records set to Google Workspace.
The problems
Though all the configuration seemed fine, in practice, email did not work fine. Delivering emails to Google Workspace users worked fine, but I couldn’t successfully send emails to my MXroute users (i.e., the “No” path in the flowchart above). I kept having emails bounce with the error:
550 relay not permitted, authentication required
Basically, the MXroute server doesn’t know that it’s an email host for my domain.
I found an interesting post on the DirectAdmin forums, the instructions from which I tested but which didn’t actually fix anything. What did work was:
- At my DNS host, set the MX records for some arbitrary subdomain like mx.example.com to MXroute
- Set mx.example.com as the destination for the “change route” option in Google Workspace’s filter (split delivery) configuration
- Apply DKIM/SPF records for MXroute AND Google Workspace both on example.com
- Tick “Use this server to handle my emails…” under DNS Management > MX Records in DirectAdmin:
Right after doing those 4 things, receiving emails worked for both Google Workspace and MXroute users on my domain, and so did sending emails (mostly), including SPF/DKIM validation! 🎉
Except for one small caveat… sending any emails from mxroute@example.com (a user in MXroute) to workspace@example.com (a user in Google Workspace) did not work, even though sending from workspace@example.com to mxroute@example.com did. This stems from the fact that exim (the MTA) in DirectAdmin does not check the real MX records for the domains it’s hosting email for, even if you implicitly tell it to by setting the MX records to an external mail server. Instead, it’ll just bounce emails if the destination address doesn’t exist on the DirectAdmin server (even if it does at the mail server specified by the domain’s MX records).
In cPanel there’s a “mail exchanger” feature that can easily resolve this issue, but the only way to work around this issue in DirectAdmin is to do this:
- At my DNS host, set the MX records for some arbitrary subdomain like google.example.com to Google Workspace
- In DirectAdmin, create forwarders like google@example.com -> google@google.example.com for every Google Workspace email address on the domain (using Google Admin’s tools to export a list of all users and their emails can help with scaling this)
Voila! Now outbound email MXroute -> Google Workspace works too.
Yeah, this isn’t very scalable, but it works alright in my case since I only have a few emails in Google Workspace. (If I had to do this at scale I’d probably opt for a email provider like MS365 that natively supports “split delivery” with Workspace, rather than hacking it together with MXroute, even though I’d have to pay ~$1.3/month for every email-only MS365 account)
Moral of the story: email is complicated, but hackyness always prevails 🙂